Kohana 3.2 session expires too soon, shorter expirations work as expected
https://stackoverflow.com/questions/10748670
-
10-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Kohana 3.2 sessions are expiring too soon. My current config is:
return array(
'native' => array(
'name' => 'kohanasession',
'lifetime' => 0,
),
);
Using lifetime => 0 means that the session will end when the browser is closed. However, after 1 hour, the session expires.
I also tried to use a lifetime different (for example 36000 => 10 hours), but again, it failed.
If I use a tiny session life (e.g. 10 seconds) then the expiration works perfectly. As far as I checked, seems that if I want a session to have a lifetime longer than 1 hour, it will not work.
Finally, the relevant config we use for php.ini
session.save_handler = memcache
session.save_path="tcp://127.0.0.1:11211?persistent=1&weight=1&timeout=1&retry_interval=15"
session.cache_limiter = nocache
session.gc_probability = 0
I am really lost here. This should be simple to fix but I just cannot work it out.
Solution
The lifetime => 0 parameter is likely only affecting the session cookie's lifetime.
What's probably happening is that, while the cookie is working fine, you're throwing away the users' session data on the server side. PHP has session garbage collection that's a little odd by default: it marks sessions as expired after 24 minutes of idle time, and has a 1% chance on each request to clean up all the expired sessions.
You can increase the PHP ini setting session.gc_maxlifetime, or you could set session.gc_probability to zero to disable automatic session garbage collection entirely.
Of course, there's also the possibility that your memcached server is configured to throw away the data after some time period.
Update: For the average session handler, setting session.gc_probability to zero would be the way to go to disable the automatic cleanup entirely. However, the memcache session handler actually already doesn't do garbage collection (its gc callback does nothing). So, changing either of session.gc_probability or session.gc_divisor is pointless with that save handler.
Instead, the memcache save handler automatically sets an expiration when saving the session data to the memcached server (a la the expire param to Memcache::set). The handler reads the expiration time to use from the session.gc_maxlifetime setting. So, that's the only GC setting that really matters when you're using the memcache session save handler.
