Using Xampp, php's session timeout doesn't work

Question

I tried to change the value of session.gc_maxlifetime in php.ini to a small value so I could check if the session timeout was working or not, but the session never seems to expire. I also restarted apache to reload the php.ini. Does anyone know what can be the cause ?

Answer 1

The directive is called session.gc_maxlifetime and the gc prefix provides a little hint on how it works: PHP includes a built-in garbage collection process that takes care of physically removing obsolete session data from disk. But that process is not launched on every PHP request because that'd be an unnecessary overhead (even a single HTML document can trigger the execution of some dozen PHP scripts). Instead, it's executed randomly. That's controlled by the two other directives that start with "gc_":

• session.gc_probability
• session.gc_divisor

Quoting from the manual:

session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request.

All this means that you cannot really know whether session.gc_maxlifetime is being honoured until the process runs. And if you're testing it in your local development box the process will run very few times (unlike your live server where there're thousand hits per minute).

A quick way to force it is to make gc_probability equal to gc_divisor so probability becomes 1.