Professional Documents
Culture Documents
Below are some of the reasons why the sessions may seem to expire too soon:
Session Timeout Configuration: By default, PHP sessions are set to expire
after 1440 seconds (24 mins) of inactivity. This duration can be changed in
the php.ini, .htaccess, or PHP files. If this value is set too low, the sessions
will expire too soon before the users are done with their activities.
Inactivity of Users: If users do not actively participate in the session for a
timeframe longer than the session timeout duration, that can also lead to
session expiration before they have finished their activity.
Server Load: If the server is under heavy load or has too many active
sessions, it may not be able to keep all the sessions active, leading to some
expiring too soon.
Expired Cookies: Though the user information in PHP sessions is stored on
the server, the session ID is stored in a cookie on the user's computer, so that
the server can identify the user in subsequent requests. If the browser is
configured to delete cookies when it is closed or after a certain period of time,
the session will expire prematurely.
Network Interruptions: Another reason why PHP sessions can expire too
soon is due to network interruptions. If the connection between the client and
the server is lost or interrupted, the session can be lost, leading to expiration.
Shared Session Directory: Session files on the server are cleaned up by the
garbage collector based on the value in the session.gc_maxlifetime directive.
If different websites have different values of this directive but share the same
directory for storing the session data, then the garbage collector uses the
minimum value to clean the data. Since by default PHP stores all session files
in the same directory, other PHP processes running on the same server can
set a shorter expiration time and cause their session data to be removed
together with yours.
ini_set('session.gc_maxlifetime', 3600);
session_set_cookie_params(3600);
session_start();
?>
Copy
If the pages are many, you can just create a file, add these lines and then add it at
the top of the files using the include() function. This will enable easy editing if you
want to change the session duration.
Alternatively, you can adjust the session timeout in the php.ini file as below.
session.gc_maxlifetime = 3600
Copy
Reduce the frequency of garbage collection
Every time a new session is started, there's a chance that garbage collection will
happen. When garbage collection happens, it expires/trashes any session files that
haven't been accessed in more than the session.gc_maxlifetime.
You can reduce the probability of garbage collection happening on every session
initialization by configuring
the session.gc_probability and session.gc_divisor directives. The default value for
session.gc_probability is 1, while that of session.gc_maxlifetime is 100.
The probability is calculated using gc_probability/gc_divisor, e.g. 1/100 means there
is a 1% chance that the garbage collection process starts on each request.
You can check and change these values in the php.ini file like in the example below
to have a low probability.
session.gc_probability = 1
session.gc_divisor = 100
Copy
<?php
session_start();
?>
Copy
Setting session.cookie_lifetime value to 0 will keep the session active until the
browser is closed.
ini_set('session.save_path', '/home/username/sessions');
ini_set('session.gc_maxlifetime', 3600);
session_start();
?>
Copy
Alternatively, you can set this in your php.ini file. In cPanel, specify the full path via
the MultiPHP INI Editor or directly in the php.ini file in the File Manager.
session.save_path = "/home/username/sessions"
session.gc_maxlifetime = 3600
Copy
Remember to replace "username" in the path with your actual username in the file
manager.
Security Measures
One of the main reasons for session expired errors is due to security measures put
in place by websites and applications. These measures are designed to protect your
data from unauthorized access, but they can also cause sessions to expire
prematurely. To prevent this from happening, make sure that your security settings
are up-to-date and that you are using a strong password.
Ring-fencing
Ring-fencing is a technique used to isolate certain parts of an application or website.
This can help prevent session expired errors by ensuring that each section of the
application has its own session. By doing this, you can prevent one session from
affecting another, which can help reduce the risk of data loss or corruption.
Transact Actions
When you are performing actions within an application or website, it is important to
make sure that each action is properly transacted. This means that each action
should be treated as a separate transaction, with its own session and set of data. By
doing this, you can reduce the risk of data loss or corruption, and ensure that your
sessions remain active.
Regular Updates
Finally, it is important to keep your applications and websites up-to-date. Regular
updates can help prevent session expired errors by fixing bugs and improving
performance. By keeping your software up-to-date, you can ensure that your
sessions remain active and your data stays secure.
Conclusion
PHP sessions essential in web development and expiring too soon can be frustrating
and inconvenient for users. we have covered several ways in which you can fix this
issue.