PHP session expires prematurely about website HOT 4 CLOSED

Without knowing how you're doing this (and without the ability to spin this up locally), I can only offer advice for this.

So a couple questions:

1. What is the PHP INI values for session, namely session.save_path and session.gc_maxlifetime (http://php.net/manual/en/session.configuration.php).
2. Is there only one application running on this server or are several (and all using same/similar INI files).
3. What is the expected behavior here that you're looking for?

It's also important to note that sesssions are going to be expired based on the last time they were updated (ie. when did I login based on when $_SESSION gets set), so you most likely want to have a $_SESSION['last_action'] = time() on all pages that use $_SESSION (or that you want to keep the session alive). Or you could just set session.gc_maxlifetime to be 0 and then sessions will only expire on browser close.

from website.

The session.save_path is the default and we've played with session.gc_maxlifetime but I believe it's currently also the default. We don't have access to the ini file so it has to be done within the code and it crashes if we change the save path. We currently update the session cookies expiration with JavaScript. I believe I have tried playing with something similar to $_SESSION['last_action'] but without any changes. I believe other websites do in fact run on the same server and that their default garbage collect of 24 minutes ignores ours and just collects the cookie. We have since added a sessions table to the database and feel like implementing a database solution due to this weird behavior with the garbage collector. The code is supposed to make it so the user has a persistent session if they were active within 5 days and if they haven't been active for 5 days make them login again.

from website.

We currently update the session cookies expiration with JavaScript.
That won't affect PHP cleaning up the session file (as it's only getting modified once on login) on the server and leaving you with a cookie that points to nothing.

But assuming you can't change session.save_path and you're on a server that hosts other PHP sites that also use sessions, then using DB based sessions is the only thing you could do to allow for longer login sessions. The upside here though is you can make sessions that survive the browser being closed.

from website.

The sessions were surviving the browser being closed it just meant that after 24 minutes php deleted the session variables so the session id pointed to a session object with nothing in it.

from website.