go to bug id or search bugs for
With the following session configuration, I get the desired 2 hour sessions in PHP7.0 — but in PHP7.1, sessions seem to be limited to a much shorter time, e.g. 900–1440 seconds, despite my attempt to reconfigure this: PHP7.1 seems to be ignoring my instructions about how long sessions should last for! I realise that session garbage collection has been changed. Is there a bug in PHP, or have I forgotten to configure something in the new system?
\ini_set('session.use_strict_mode',1); \ini_set('session.gc_maxlifetime',7200);//2 hour sessions
\ini_set('session.hash_function','sha256');//Does nothing in PHP7.1
\ini_set('session.hash_bits_per_character','4');//Does nothing in PHP7.1
Sessions should last for 2 hours (7200s).
Sessions last for ≤1440 seconds before garbage collection occurs, which logs out users before they can complete certain actions, e.g. completing extended psychometric profile questionnaires (large HTML forms).
Add a Patch
Add a Pull Request
Have you tried changing the INI file directly, rather than at runtime?
doing that with ini_set() is flawed by design - you can't expect any useful behavior when some scripts use the ini-settings, some per vhost and others mange with ini_set() because the workers are shared between all the incarnations of settings and so you are playing finally lottery
what do you think happens when the next request handles a different script and hat has a lower value - GC is started and your sessions from other requests are purged too
hence normally it should be prohibited (php_admin_value in the vhost config which no longer allows to change values from scripts) and when you have different settings for vhosts each of them has tu ose it's own exclusive session_save_path
anyways, it's a poor "to work out of the box" default select a radnom wroker which has to handle a request for cleaup a directory with probably many thousand of files and so on serious production machines the session GC of PHP is disabled at all and the cleanup done with cronjobs calling something like "find /var/www/sessiondata -type f -mmin +30 -delete" which under load also makes sure that "session.gc_probability" hits probably a dozen of processes doing concurrent cleanup - set it to 0 and do it proper with a cronjob
You didn't mention your OS, but i am sure it is related to Debian/Ubuntus session cleanup script. It scans the PHP.ini for the session.gc_lifetime and deletes all files older than that from the session directory. That means you must change this variable in php.ini and not with ini_set to really increase it.
Closing as not a php bug, probably related to distribution sessionclean cronjob script. Please re-open if this is wrong assumption.
No Debian/Ubuntu anywhere near this installation. It runs CentOS+cPanel. I will do some more tests in the next 4-6 weeks...