PHP - Do you need to set the session data again to reset the lifetime?

Question

...or do you only need to start a new session?

I've been given the task of fixing a bug that causes sessions to expire even though the session.gc_maxlifetime is set to 8 hours (It does get set, i've checked).

After going through the code, i noticed that session_start() is called on every load, as predicted, but the login-data sessions are only set when the user logs in.

Do i need to set the user data sessions on every page load for the session-lifetime to reset?

I need the session to be alive for 8 hours, even if the page doesn't reload.

Answer 1

You need to set the session variable again.

One method, use $_SESSION['last_click_time'] = time(); and compare it. If it's outdated, refresh the session variable, log the user back in, etc etc.

Answer 2

You are probably using the default location for session files and it's a temporary directory shared by all web sites on the server. In that case, the site with shortest session.gc_maxlifetime will probably remove session data from all sites. The reason is that there's no way to determine what site owns what session file.

You'll need to create a custom directory for sessions and specify it with session.save_path