php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #3793 session.gc_maxlifetime does not work
Submitted: 2000-03-10 09:38 UTC Modified: 2002-08-16 21:32 UTC
Votes:7
Avg. Score:4.3 ± 0.9
Reproduced:4 of 5 (80.0%)
Same Version:4 (100.0%)
Same OS:2 (50.0%)
From: kori_mail at hotmail dot com Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4 .1.2 OS: Windows 98
Private report: No CVE-ID: None
 [2000-03-10 09:38 UTC] kori_mail at hotmail dot com
Session.gc_maxlifetime in my PHP.INI is for testing set to 120 seconds, but I can read session variables values later then 1 hour.

When I set "session.gc_probability = 100", every new session ID creating (other user request script) cause delete ALL session files including files that are not seen as "garbage"(lifetime of these files is < 120 sec.).

I do not use cookies with sessions, I use SID.

I am running PHP as CGI with APACHE 3.0.11 under Windows 98.

SESSION section of my PHP.INI:

[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/Win98/temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1       ; procentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 120    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes



-----------------------------


PS: Sorry for my English :-)




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-06 08:49 UTC] sas at cvs dot php dot net
This has been fixed in PHP 4.0.1. Please upgrade.
 [2000-08-08 08:54 UTC] kori_mail at hotmail dot com
I am sorry, but the reported errors are still in verson 4.0.1 pl2. 

"session.gc_probability = 100" setting in PHP.INI delete ALL other sessions 
(only one session can be used at the time - if are connected 2 clients to 
server, the second client owerwrites or deletes session of the first client, 
etc.). 

"session.gc_maxlifetime" also does not work = I can read values from the 
session while the session is manualy deleted  (when "session.gc_probability 
is set to 1). 

The session_destroy() function also does not work (Values of variables are 
still in the session file after calling this function). 

Other session related functions works OK. 

Tested OS:  Windows 2000 Professional 
PHP version: 4.0.1 pl2 with included PHP.INI-DIST (CGI) 
WWW server: Apache 1.3.12 running as a service. 

Jiri Kori
 [2000-08-08 09:32 UTC] hholzgra@php.net
seems to be a windows-only problem,
maybe related to atime and unlink
incompatibilites?
 [2000-08-08 10:10 UTC] stas@php.net
Do you use NTFS or FAT on partition where session files are stored?
 [2000-08-08 17:19 UTC] kori_mail at hotmail dot com
I use FAT32. I will try NTSF tomorow...
 [2000-08-08 18:18 UTC] kori_mail at hotmail dot com
Please, download and try my sample scipts from 

http://www.webace.cz/session.zip

There is my PHP.INI for testing use also...
 [2000-08-28 14:04 UTC] sniper@php.net
Please attach your test scripts into this report directly.

(We are so lazy that we don't want to go and download
something from some url and then unzip it and then attach
it here by ourselves..=)

And by attaching those scripts here, they will be available
all time even if your site is down or you decide to delete 
that zip-file.

--Jani
 [2000-09-12 21:58 UTC] kori_mail at hotmail dot com
To Jani: OK, there are my sample scripts :-)


----- index.php ----

<?php

	
	session_name("uid");
	session_start();

	session_register("param1");	
	
	$param1 = "registered";

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here</a>";		

	print($t);

?>



------ test.php -----


<?php

	
	session_name("uid");
	session_start();

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here after 60 seconds</a><br>";		

	$t .= "<a href=\"destroy.php?" . SID . "\">Click here to destroy session</a>";		

	print($t);

?>





------ destroy.php ------

<?php

	
	session_name("uid");
	session_start();

	session_destroy();

	$t = "Value of param1 is  <b>" . $param1 . "</b></br>";

	$t .= "Session ID is: <b>" . session_id() . "</b><br><br>";

	$t .= "SID is: <b>" . SID . "</b><br><br>";

	$t .= "<a href=\"test.php?" . SID . "\">Click here</a><br>";	

	print($t);

?>





----- PHP.INI (session section) -----


[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1      ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 60    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes



-----------------------------

Other options in PHP.INI are default.

Please, try also set "session.gc_probability = 100" in PHP.INI and run these scripts from two browser windows (it simulates 2 connected users) and you will see how second user with other UID ovewrites session od the first user.

PHP: 4.0.1pl2
Tested OS: W2K PRO & SERVER
WWW: Apache 1.3.12 & IIS 5.0


Jiri Kori







 [2000-09-18 06:35 UTC] sniper@php.net
Please try php4.0.2 or preferrably latest CVS or snapshot.

--Jani
 [2000-10-12 20:48 UTC] kori_mail at hotmail dot com
I'm sorry I can't test the snapshots because I haven't MS VC++.

I tested the latest release version 4.0.3 with my sample scripts and the same PHP.INI's setting I post with my previous comments.

I'm sorry,  there are still ALL errors I reported before.

Calling Session_Destoy() function wrote:  Warning: Session object destruction failed in c:\www\session\destroy.php on line 7

I found a new bug, maybe :-)  When the "session.use_trans_sid = 1", SID is attached to all IMG tags in script also.

For example <img src="image.gif" width="100" height="80" alt=""> is after execution of the script changed to <img src="image.gif?uid=e7ad41c1e3fc6d775886a520ee4a6e50" width="100" height="80" alt="">.



OS: Windows 2000 server with SP1
PHP: 4.0.3 php4isapi.dll with IIS or PHP.EXE with Apache 3.1.12
PHP.INI-DIST included in 4.0.3 ZIP file with session settings:

[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 1 (OR 100)       ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 1440    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes
session.use_trans_sid     = 0       ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
                                    
----------------------------                                    

Please, try my sample scripts I post with my previous comments...


--Kori
 [2000-11-01 05:33 UTC] dbeu@php.net
can you please try a actual dev version, i.e. from www.php4win.de an report which problems are still persistent?
 [2000-11-01 16:07 UTC] kori_mail at hotmail dot com
I tested PHP version php4.0.4-dev-win32-20001022 with my sample scripts and there is my results:

Corrected bugs:

1) Session_Destroy() functions works fine. Session files are successfully deleted from Temp directory.
2) When "session.use_trans_sid = 1", SID is attached only to A HREF, FORMS, etc tags and is not attached to IMG tags. It's OK.

Open bugs:

1) "session.gc_maxlifetime" does not work - I set this to 60 sec, but I can read values from the session even this time was expired. (I start the session and then I wait more than 60 sec before I will call other script)

2) When I set "session.gc_probability = 100"  in PHP.INI, ALL other session files are deleted (only one session can be used at the time - if are connected 2 clients to server, the second client owerwrites or deletes session of the first client, etc.). 
This bug is maybe related to "session.gc_maxlifetime" bug.

------------------------

Tested OS: W2K server with SP1
Web server: Apache 3.1.12 
PHP: php4.0.4-dev-win32-20001022 (CGI)


Session settings in my PHP.INI
---------------------------------------
[Session]
session.save_handler      = files   ; handler used to store/retrieve data
session.save_path         = C:/WINNT/Temp    ; argument passed to save_handler
                                    ; in the case of files, this is the
                                    ; path where data files are stored
session.use_cookies       = 0       ; whether to use cookies
session.name              = PHPSESSID  
                                    ; name of the session
                                    ; is used as cookie name
session.auto_start        = 0       ; initialize session on request startup
session.cookie_lifetime   = 0       ; lifetime in seconds of cookie
                                    ; or if 0, until browser is restarted
session.cookie_path       = /       ; the path the cookie is valid for
session.cookie_domain     =         ; the domain the cookie is valid for
session.serialize_handler = php     ; handler used to serialize data
                                    ; php is the standard serializer of PHP
session.gc_probability    = 100       ; percentual probability that the 
                                    ; 'garbage collection' process is started
                                    ; on every session initialization
session.gc_maxlifetime    = 60    ; after this number of seconds, stored
                                    ; data will be seen as 'garbage' and
                                    ; cleaned up by the gc process
session.referer_check     =         ; check HTTP Referer to invalidate 
                                    ; externally stored URLs containing ids
session.entropy_length    = 0       ; how many bytes to read from the file
session.entropy_file      =         ; specified here to create the session id
; session.entropy_length    = 16
; session.entropy_file      = /dev/urandom
session.cache_limiter     = nocache ; set to {nocache,private,public} to
                                    ; determine HTTP caching aspects
session.cache_expire      = 180     ; document expires after n minutes
session.use_trans_sid     = 0       ; use transient sid support if enabled
                                    ; by compiling with --enable-trans-sid
url_rewriter.tags         = "a=href,area=href,frame=src,input=src,form=fakeentry"

-----------------------------

Sorry for my bad English :-)

-- Kori
 [2000-11-27 08:59 UTC] sniper@php.net
You have only misunderstood the meanings:

session.gc_maxlifetime -> Max lifetime of data. After
this time has elapsed data is considered being garbage.

session.gc_probability -> Percentual propability for
garbage cleaning to be executed. 

100% probability happens always.. 1% happens less often.

--Jani
 [2000-12-07 10:51 UTC] sniper@php.net
User feedback:
--------------

1) "session.gc_maxlifetime" does not work - I set this to 60 sec, but I can read values from the session even this time was expired. (I start the session and then I wait
more than 60 sec before I will call other script)

2) When I set "session.gc_probability = 100"  in PHP.INI, ALL other session files are deleted (only one session can be used at the time - if are connected 2 clients to
server, the second client owerwrites or deletes session of the first client, etc.). 
This bug is maybe related to "session.gc_maxlifetime" bug.
---------------

I tried this myself on Linux -> Works as expected.
But as I don't have any Windows to test this on,
I just have to trust the user that this isn't working..

User tested with php4.0.4-dev-win32-20001123

Could someone using Windows try and check this out??

--Jani


 [2000-12-09 20:20 UTC] jmoore@php.net
Verified on WIn 2k IIS 5, ISAPI dll.

Jani & I checked this was the case on my system too. we think it appears to be releated to atime and ulink (We think..)

James


 [2001-11-25 07:26 UTC] mfischer@php.net
Is this still the behaviour of the latest RC?

http://phpuk.org/~james/php-4.1.0RC3-win32.zip

Feedback.
 [2001-12-16 07:24 UTC] sander@php.net
No feedback. Closing.
 [2002-03-31 02:43 UTC] bergmann at evisio dot de
The reported errors are still in verson 4.1.2.

System: w2k, CGI-version.
 [2002-03-31 02:56 UTC] yohgaki@php.net
It seems it never worked under windows.
Reopen
 [2002-03-31 03:49 UTC] bergmann at evisio dot de
After I tried about a week, by just setting the lifetime VERY high (40000 first), maybe I can give a hint:

With this very high value it worked, so I tried where exactly was the critical point. It was somewhat about 32000. Slightly below, all session files were deleted as described, slightly over not. But then the error reoccurred with the same value. 

After some tries I found out the following: I set back the time on the server one hour and it worked again. Here the times and the critical points:

At 9:24 local time : 30290 
At 10:28 : 34100

34100-30290=3810, which would be 63.5 minutes when interpretad as seconds, which is the server's time difference...

Since 10:28 means 37680 s since 0:00, there seems to be an additional hour - maybe due to GMT setting (+1) I thought, but it was the automatic daylight saving (or is it called summer time???) setting. When turned off, at 9:45 the point was at 35100=9.75 hours...

I hope that helps... ;-)

-- mike
 [2002-07-10 05:10 UTC] jerome dot billet at hcuge dot ch
I've exactly the same problem with Windows 2000, php 4.2.0 and apache 1.3
 [2002-08-16 21:03 UTC] rasmus@php.net
I really don't see anybody with any interest in writing code to make this work on FAT filesystems.  Don't run web servers on crap filesystems.  If you do, write your own session handler.  Same goes for filesystems where file modification timestamps are ignored.  Write your own session handler and manage the garbage collection yourself.  We'll need to document this, of course, so marking this as a documentation problem.
 [2002-08-16 21:32 UTC] rasmus@php.net
The fact that the filebased session handler needs a filesystem with atime support has now been documented.
 [2002-10-01 04:08 UTC] corneliu dot galev at cefin dot com
I did some testing as Mike did ([31 31 Mar 3:49am] bergmann@evisio.de) and I try to see what is the exact value to be set for gc_maxlifetime to work in my sistem.

BTW I use win2000+iis5+php4.2.2.

I was very surprised to see that value 37000 worked for a period of time but later the minimum was 38000 and so on.
So it's something related to sistem time not files(to be considered garbage) In fact garbage control in windows work like this:

at gc_maxlifetime seconds from midnight all other session files are deleted - definitly a bug.

Corneliu
 [2002-12-11 10:13 UTC] dcolomvakos at arsystemsweb dot com
I experienced this problem with session_destroy() running PHP 4.2.3 on Windows 2000 Server SP3 and IIS 5.0.

The issue was indeed FAT vs NTFS, but not just because of the file system, but because I had not given my INET_computername account MODIFY access to the sessiondata directory.  

This is documented on php.net, however I somehow missed it when I first assigned permissions to the sessiondata directory (I initally put only  Read & Execute, List, Write and Read)
 [2003-06-20 13:00 UTC] omar at perio dot unlp dot edu dot ar
I have the same problem that you, but in linux(Red Hat) and I am sure that he is bug so that in previous versions walked well, script, somebody can give a hand me?

it excuses by my ingles
 [2004-03-09 00:42 UTC] prak_ask at hotpop dot com
i have a problem i am unable to set the session life time 2 based on conditions session.gc_maxlifetime to 3600 and session.gc_maxlifetime to 1800 in the ini_set.
But i was able to set it through .htaccess file to one time only. any body can help. I am running winXP php 4.3.2 runs as module.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Oct 17 05:03:32 2021 UTC