Hello, I'm interested in correcting errors in the documentation of the session.gc_max_lifetime option. php.ini-dist states:
; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. session.gc_maxlifetime = 1440 However the code itself deletes the session only if 1440 seconds have passed since the modification time of the session file (at least for file-based sessions). So gc_maxlifetime is mislabeled - it should be gc_maxidletime. Session lifetimes can be much longer as long as the user hits the server every gc_maxlifetime seconds. Renaming it is probably unrealistic, but its actual meaning should be documented. It did occur to me that things might not be precisely as I've described them if PHP tries to be subtle about it and not write to the session file in the event that its contents have not changed. However, I've done a little digging in the source code and I've found no evidence that PHP tries to avoid writing to the session file at shutdown time. Also, until somewhere in the 4.x series PHP used to use atime (access time) rather than mtime, and only backed off that because it was incompatible with operating systems that don't support atime. So it does appear that an idle timeout is the intention. The current contents of php.ini-dist and http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime refer to the lifetime of data, not the lifetime of a session. So they are not flat wrong. But they are confusing and I'd like to contribute a clarified version. How would I go about getting access to do that? Thanks! -- Tom Boutell P'unk Avenue 215 755 1330 punkave.com window.punkave.com
