3 replies to this topic

[alrazy1]

session_set_cookie_params(2*7*24*60*60); 

// Making the cookie live for 2 weeks

 
session_start(); 

i dont understand the php definition of this function , they say :

Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call session_set_cookie_params() for every request and before session_start is called.

that what i dont understand is :

• why they said " The effect of this function only lasts for the duration of the script"?
  
• what is the duration of the script they mean ?!
  
• what then the specified $lifetime in seconds mean if its stop after the script end?
  
• in my example 2*7*24*60*60 the session should be available for the next two weeks how ?!!
  
• what is the default life time of a php session ?

best regards.

[Alexander]

The execution time of the script is generally when the user loads the page in their browser.

session_start() does two things, it creates a temporary file on the server of which to store session data, and also sends a cookie to the user's browser. This cookie has a default expiration time, so calling session_set_cookie_params(seconds) will change the default expiration time of the cookie to what you define. The cookie basically points the client to their session so it is required to access the session.

In our parameters: we are using seconds, so 60 * 60 = 60 minutes, * 24 = 1 day, * 7 = one week, * 2 = two weeks, in seconds.

A session's lifetime on the server is separate from the cookie and can vary greatly, but it is around 20-40 minutes by default. You can edit the php setting ini_session.gc_maxlifetime to modify this behaviour.

[alrazy1]

thank you realy for your effort helping me understand but i still dont understand 100%.
ession_set_cookie_params(2*7*24*60*60) the session cookie will be available in the client browser for the next two weeks , but how this will help if the session info itself at the server side will live only 20-40 minutes by default , so its will be usefull only for the first 20-40 minutes or untill the user close his browser ?
if we want to keep a user logged_in for two weeks we need to change the default ini_session.gc_maxlifetime = 2*7*24*60*60 also ?
isnt there a better way to keep the user logged in for two weeks ?
best regards.

[Alexander]

Yes, you would need to set session.gc_maxlifetime to that as well to complement the cookie's expiry time, just note in php.ini you need to set it to roughly 1209600 not "2*7*24*60*60" as php.ini won't do the math for you.