PHP 会话不会在每个请求上延长 Cookie 过期时间 [英] PHP Sessions Not Extending Cookie Expiration on Each Request

问题描述

session_start() 是否应该通过 session.gc_maxlifetime 变量延长会话 ID cookie 的寿命?

Is session_start() supposed to extend the life of the session ID cookie by the session.gc_maxlifetime variable?

我的 session.gc_maxlifetime 是 24 分钟，每次会话只有 24 分钟，而不管网站上是否有其他活动.我得到我的会话，刷新页面，过期时间没有改变.无论如何，这都会导致在登录 24 分钟后注销.我的配置有问题吗?

My session.gc_maxlifetime is 24 minutes, and each session is only living 24 minutes regardless of additional activity on the site. I get my session, refresh the page, and the expiration time does not change. This results in a logout after 24 minutes of login, no matter what. Is there something wrong with my configuration?

推荐答案

我认为这篇文章将提供您正在寻找的解决方案:PHP 中的会话超时:最佳实践

I think this post will provide the solution you are looking for: Session timeouts in PHP: best practices

基本上，当 session_start() 被调用时，有 1% 的概率(默认情况下)会运行垃圾收集器.当垃圾收集器运行时，它会扫描并删除过期的会话.但是，当您是访问该页面的唯一用户(在开发期间您可能是)或用户很少时，垃圾收集器只会在您访问页面时运行.这发生在 session_start() 被调用之后，有效地重置了计时器.不要试图解决这个问题，只需实现您自己的 session_start() 函数来强制超时.试试我上面给你的链接中 @Glass Robot 发布的功能.

Basically, when session_start() is called, there is a 1% probability (by default) that the garbage collector will be run. When the garbage collector is run it scans for and deletes expired sessions. However, when you are the only user accessing the page (which you probably are, during development) or there are very few users, the garbage collector will only run when you access a page. This happens AFTER session_start() is called, effectively resetting the timer. Instead of trying to work around this, just implement your own session_start() function which enforces the timeout. Try the function that the @Glass Robot posted, in the link I gave you above.

这篇关于PHP 会话不会在每个请求上延长 Cookie 过期时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！