|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74985 Session timeout limited to 1440 seconds!
Submitted: 2017-07-25 06:38 UTC Modified: 2019-03-04 21:04 UTC
From: matthew at slyman dot org Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 7.1.7 OS: CentOS
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: matthew at slyman dot org
New email:
PHP Version: OS:


 [2017-07-25 06:38 UTC] matthew at slyman dot org
With the following session configuration, I get the desired 2 hour sessions in PHP7.0 — but in PHP7.1, sessions seem to be limited to a much shorter time, e.g. 900–1440 seconds, despite my attempt to reconfigure this: PHP7.1 seems to be ignoring my instructions about how long sessions should last for! I realise that session garbage collection has been changed. Is there a bug in PHP, or have I forgotten to configure something in the new system?

Test script:
\ini_set('session.use_strict_mode',1);		\ini_set('session.gc_maxlifetime',7200);//2 hour sessions
\ini_set('session.hash_function','sha256');//Does nothing in PHP7.1
\ini_set('session.hash_bits_per_character','4');//Does nothing in PHP7.1

Expected result:
Sessions should last for 2 hours (7200s).

Actual result:
Sessions last for ≤1440 seconds before garbage collection occurs, which logs out users before they can complete certain actions, e.g. completing extended psychometric profile questionnaires (large HTML forms).


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-08-12 14:45 UTC]
Have you tried changing the INI file directly, rather than at runtime?
 [2017-08-12 15:05 UTC] spam2 at rhsoft dot net
doing that with ini_set() is flawed by design - you can't expect any useful behavior when some scripts use the ini-settings, some per vhost and others mange with ini_set() because the workers are shared between all the incarnations of settings and so you are playing finally lottery

what do you think happens when the next request handles a different script and hat has a lower value - GC is started and your sessions from other requests are purged too

hence normally it should be prohibited (php_admin_value in the vhost config which no longer allows to change values from scripts) and when you have different settings for vhosts each of them has tu ose it's own exclusive session_save_path

anyways, it's a poor "to work out of the box" default select a radnom wroker which has to handle a request for cleaup a directory with probably many thousand of files and so on serious production machines the session GC of PHP is disabled at all and the cleanup done with cronjobs calling something like "find /var/www/sessiondata -type f -mmin +30 -delete" which under load also makes sure that "session.gc_probability" hits probably a dozen of processes doing concurrent cleanup - set it to 0 and do it proper with a cronjob
 [2019-02-28 19:56 UTC] kontakt at beberlei dot de
You didn't mention your OS, but i am sure it is related to Debian/Ubuntus session cleanup script. It scans the PHP.ini for the session.gc_lifetime and deletes all files older than that from the session directory. That means you must change this variable in php.ini and not with ini_set to really increase it.
 [2019-02-28 20:11 UTC]
-Status: Open +Status: Not a bug
 [2019-02-28 20:11 UTC]
Closing as not a php bug, probably related to distribution sessionclean cronjob script. Please re-open if this is wrong assumption.
 [2019-03-04 21:04 UTC] matthew at slyman dot org
-Operating System: +Operating System: CentOS
 [2019-03-04 21:04 UTC] matthew at slyman dot org
No Debian/Ubuntu anywhere near this installation. It runs CentOS+cPanel. I will do some more tests in the next 4-6 weeks...
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Sep 19 10:01:24 2020 UTC