session_gc: maxlifetime vs probability/divisor

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
keith012
Forum Newbie
Posts: 3
Joined: Sat Jul 24, 2010 2:27 am

session_gc: maxlifetime vs probability/divisor

Post by keith012 »

maxlifetime vs probability/divisor, which one has higher priority?

For example,
setting: maxlifetime = 1440 (24 minutes)
probability/divisor = 1/100 = 1% : all session data will be erased once per 100 new session.

According to php.net, when user inactive (due to preparing the writing) more than 24 minutes, the session will still persist as long as number of new session not yet reach 100 (probability/divisor).

What if this is a high traffic website, there is already 100 session within 12 minutes? Will all the session been deleted regardless of their maxlifetime? Or will the garbage collector check their maxlifetime and only delete those already expired?

What is the reference point of maxlifetime?
Is the time elapsed counted from the first session_start() statement of the first script called?
Or every scripts called within the same session will reset this timer? If so, what is the criteria? by executing session_start() or changing the session data?

I need to clear about this before I can implement solution to make sure the user session will maintain as long as the user not logout, not closing the browser.
If user inactivity more than maxlifetime(24 minutes), I can poke them with javascript to decide whether to continue the session or not. If no response from them, then the session will expire when maxlifetime reach.

I couldnt find detail explanation on this topic from php.net or else where.
Please kindly help and advice.

Thanks!
Keith
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: session_gc: maxlifetime vs probability/divisor

Post by Eran »

You misunderstood how those settings works. They work together, not provide alternatives.
probability / divisor is the chance on any given request that garbage collection would take place. When that happens, any session that exceeds its maxlifetime (since it was created) would be deleted. On higher traffic websites you need lower GC probability since there are more requests.
keith012
Forum Newbie
Posts: 3
Joined: Sat Jul 24, 2010 2:27 am

Re: session_gc: maxlifetime vs probability/divisor

Post by keith012 »

Thanks Pytrin, you've cleared my misconcept of it.
Please correct me if I'm wrong:

1) When a new session start, which is by the first script called with session_start() statement, that session will be assigned the default value of gc_maxlifetime & probability/divisor, if we do not set it with ini_set().

Which one is correct? (2a) or (2b)?
2a) For each session_start() statement called by the following scripts, the dateOfModified of the session will be updated to the time when that session_start() is executed.
2b) The session_start() will not update the dateOfModified of the session. In order for the dateOfModified of the session to be updated, I must edit/modify some session's data, e.g. $_SESSION['name'], at the following scripts.

3) When the garbage collector been trigger by probability/divisor, then, if(currentTime - dateOfModified) > gc_maxlifetime for that session, it will be deleted.

Thanks again for your kind advice.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: session_gc: maxlifetime vs probability/divisor

Post by Eran »

Sessions don't get assigned anything. The PHP ini settings work independently from any particular session. For each request that uses PHP, a check is made against probability / divisor to determine whether to trigger garbage collection on the cookies. If it is triggered, any sessions that are older than the gc_maxlifetime at the time GC is triggered, will be removed - regardless of what the value of maxlifetime was when they were created. If you modify sessions, it will have the time of change as reference.
keith012
Forum Newbie
Posts: 3
Joined: Sat Jul 24, 2010 2:27 am

Re: session_gc: maxlifetime vs probability/divisor

Post by keith012 »

I see. So, as long as I edit any $_SESSION['xxx'] within the time limit as set in the PHP.ini session_gc_maxlifetime, my session will not be deleted, regardless of whether garbage collector being triggered or not, right?
Post Reply