PHP sessions: What if I set the session expiry to 10 days?
I want the users of my application to stay logged in for very long periods of time. The problem is that the session expires on the server end, thus losing variables stored in the session. So, I'm setting the session to expire in 10 days.
My question is: Are there any security or performance issues with setting the GC expiry and cookie lifetime to 10 days?
ini_set('session.cookie_lifetime', 864000);
ini_set('session.gc_maxlifetime', 864000);
Obviously, the greater the session timeout, the greater the risk of cookie/session hijacking, but unless you're dealing with highly sensitive information (health records, online banking, etc.) I would be inclined to do as you do. In fact I have.
You will increase the risk of session hijacking.
I would periodically call session_regenerate(). That would mitigate the risk for users that actually log in, but do nothing for those who don't.
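An added example, not code from the question or either answer, showing the 10-day settings from the question combined with the periodic ID rotation suggested above (the PHP function is session_regenerate_id()). The constant names, the 15-minute rotation interval, the cookie flags and the $_SESSION key names are assumptions made for the illustration.

```php
<?php
// Added example. Constants and $_SESSION key names are assumptions.
const SESSION_LIFETIME = 864000; // 10 days, the value from the question
const REGENERATE_EVERY = 900;    // assumed: rotate the session ID every 15 minutes

function start_long_session(): void
{
    // Server side: keep session data at least as long as the cookie lives.
    // If several apps share session.save_path, the shortest gc_maxlifetime wins.
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    // Refuse session IDs the server did not issue (limits session fixation).
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');

    // Client side: a cookie that lives for 10 days should be hidden from
    // scripts and never sent over plain HTTP. Array form needs PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();

    // Enforce the 10-day idle limit in code; session GC is not guaranteed
    // to run on schedule, so stale data can outlive gc_maxlifetime.
    if (isset($_SESSION['last_seen'])
        && $now - $_SESSION['last_seen'] > SESSION_LIFETIME) {
        session_unset();             // drop the stale variables
        session_regenerate_id(true); // and retire the old ID
    }
    $_SESSION['last_seen'] = $now;

    // Periodic rotation: a captured ID stops working once the real user's
    // next request rotates it. true deletes the old session data.
    if (!isset($_SESSION['id_issued_at'])) {
        $_SESSION['id_issued_at'] = $now;
    } elseif ($now - $_SESSION['id_issued_at'] > REGENERATE_EVERY) {
        session_regenerate_id(true);
        $_SESSION['id_issued_at'] = $now;
    }
}

start_long_session();
```

Rotation only happens when the legitimate user makes a request, so an ID captured from a user who never returns stays valid until the 10-day limit.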