I have a simple question to which I couldn't find the answer on this page:
https://codeigniter.com/userguide3/libraries/sessions.html#how-do-sessions-work
That is why I ask it here.
But first, let's assume that session will expire in 600 seconds (10 minutes).
So, when the session cookie will actually expire?:
- from the first time I open a Codeigniter website and use it for 10 minutes, or
- 10 minutes after I stop opening pages on that website
Another question if the answer is 1:
- Can I somehow extend the session every time the user access the website?
Another question if the answer is 2:
- what is happening with sess_time_to_update? Can I extend the life of session_id to match the life of the session too?
CodePudding user response:
Assuming $config['sess_expiration'] = 600; (10 minutes), the session cookie will expire 10 minutes after the last time you accessed the page, or "answer 2" as you called it.
sess_time_to_update controls how long before the session ID is changed, but that has nothing to do with expiration and is entirely transparent to you and/or the user - the ID itself will be changed for security purposes, but all other attributes will be preserved.
The "life of session_id" and "life of the session" are one and the same thing; there will never be a mismatch between them. A file or database record of the expired session may remain for a bit on the server, until the garbage collector clears it up, but without an ID stored in the cookie you effectively have no active session.