session.gc_maxlifetime not working for me

i want to set session time out limit by 3 min ,

i have used this in the page

ini_set("session.gc_maxlifetime", "50"); not working

Solution for this

if (isset($_SESSION['LAST_开发者_如何学JAVAACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { // last request was more than 30 minates ago session_destroy(); // destroy session data in storage session_unset(); // unset $_SESSION variable for the runtime } $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

Three variables are used to define the garbage collection behavior of PHP session variables:

1. session.gc_maxlifetime is the lifetime in seconds for the session files (default value: 1440 = 24 minutes)
2. session.gc_probability is the nominator for the probability to execute the garbage collector (default = 1)
3. session.gc_divisor is the denominator for the probability to execute the garbage collector (default = 100 or 1000)

The nominator and denominator are used together to determine the probability (nominator / denominator). So when session.gc_probability is 1 and session.gc_divisor 100 this is 1 / 100 = 1 %. So 1 % of every page visit (= every session_start call) the garbage collector is executed.

If you want to test how your session expires, you need to set session.gc_probability and session.gc_divisor to 1, so each page visit will cause the garbage collector to run. Furthermore you need to use two different browsers for the test. The session of the first browser becomes cleaned when you visit your page with the second browser (and the session of the first browser is timed out). In my tests, when you use only one browser, the session becomes automatically extended although it is outdated.

The session will live as long as the file is left on the server's file system. They are cleaned out by a garbage collector. The garbage collector is run approximately every hundred page loads on the server (this is rather random, the "every hundred" page loads is just an average).

Also, the age of the session is inactive age, not total age. The timer will be reset for that session every time the user does a request.

The unit for the session.gc_maxlifetime value is seconds. So you would need to set it to 180 seconds to express 3 minutes.

But besides that, session.gc_maxlifetime is not reliable (see this post for an explanation). You should better implement that on your own to have your session expired after exactly 3 minutes.