PHP :: Bug #75896 :: All versions of PHP since PHP4

Bug #75896	All versions of PHP since PHP4
Submitted:	2018-01-31 18:24 UTC	Modified:	2018-02-02 14:22 UTC
From:	php dot chaska at xoxy dot net	Assigned:
Status:	No Feedback	Package:	Session related
PHP Version:	7.2.2RC1	OS:	All
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!

Your email address: MUST BE VALID
Solve the problem: 50 - 40 = ?
Subscribe to this entry?

[2018-01-31 18:24 UTC] php dot chaska at xoxy dot net

Description:
------------
The default value of 1440 seconds for session.gc_maxlifetime resulted from a copy-paste error many years ago.  It is inane and unsupported by any rationale. It has caused, and continues to cause, innumerable lost or wasted hours of coding, maintenance and debugging efforts on the part of PHP programmers around the world.

Please change the default value as shipped in php.ini and as documented, to something which makes any kind of sense.  I suggest a value of 3600, or one hour.  This is an easily understood value by people, and is a reasonable duration for a session before timeout.  There is no factual support for the idea that 24 minutes (1440 seconds) is a good value.  There may be arguments for other values -- e.g. 86400 for 1 day.  Feel free to research them.  Just pick something sane.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-01-31 18:25 UTC] php dot chaska at xoxy dot net

https://stackoverflow.com/questions/14703363/why-is-the-standard-session-lifetime-24-minutes-1440-seconds/37176824#37176824

[2018-01-31 18:32 UTC] spam2 at rhsoft dot net

if you ever hosted a high traffic site you would know what it means to have such high values like 3600 seconds - when you really need endless sessions it's way better to implement that with ajax while still have a low value

on the other side "session.gc" on serious servers is anyways disabled and the cleanup done with cronjobs base don mtime because with hundrets of request sper second the "gc propability" scanning folders with many thousand files don't scale 

*/5 * * * * apache /usr/bin/find /var/www/sessiondata -type f -mmin +15 -delete

[2018-01-31 18:36 UTC] peehaa@php.net

> It is inane and unsupported by any rationale. It has caused, and continues to cause, innumerable lost or wasted hours of coding, maintenance and debugging efforts on the part of PHP programmers around the world.

[citation needed]

[2018-01-31 18:37 UTC] peehaa@php.net

-Status: Open +Status: Feedback

[2018-02-02 14:22 UTC] peehaa@php.net

-Status: Feedback +Status: No Feedback

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 01:01:28 2024 UTC