Can anyone please tell me the exact difference between these two:
session_set_cookie_params(seconds)
ini_set("session.cookie_lifetime", seconds)
I have read at several places that to increase PHP session timeout, we need to do following setting in our script:
ini_set("session.gc_maxlifetime", seconds);
Additionally, we also need to tell client to remember session id for specific time. So I am not sure that which one to use - 1 or 2 (above).
CodePudding user response:
session_set_cookie_params(seconds)
and ini_set("session.cookie_lifetime", seconds)
both set the lifetime of a session cookie, which determines how long the cookie, and therefore the session, will remain valid on the client's browser.
session_set_cookie_params(seconds)
sets the lifetime of the cookie for the current session, whereas ini_set("session.cookie_lifetime", seconds)
sets the lifetime of the cookie for all future sessions.
ini_set("session.gc_maxlifetime", seconds);
is used to set the maximum lifetime of a session. This setting determines how long a session can remain inactive before it is garbage collected by PHP. This setting is important, because if the user's cookie lifetime is longer than the session's lifetime, the user will be able to access the session even if the session data has been removed by the garbage collector.
In general, you should use both session_set_cookie_params(seconds)
and ini_set("session.gc_maxlifetime", seconds);
to increase the PHP session timeout. The first sets the cookie lifetime for the current session, and the second sets the maximum lifetime for all future sessions. This way you are instructing the client to remember the session id for a specific time and also you are making sure that the session data is not garbage collected before the cookie expires.