Article From:https://segmentfault.com/q/1010000013206911
Question:

phpIn the login, the user set up session_id and stored the specified path, there are token and other user information, the default expired time is 24 minutes, that is, the user is inactive within 24 minutes, session will be recycled, and the user will operate after 24 minutes.There is a reminder of the expiration of the session.
The above is the mechanism in the web site.

How to set up session correctly has been reached. When the user logs out or closes the browser, session will expire? That is to say, no matter whether the user is active after 24 minutes of default, session is always effective. Ask the big men to teach

Answer 0:

It is not recommended to adjust the session time to achieve this, which is actually a security problem.

The way I recommend is to automatically access the backend interface through JS on your front page to protect SESSION.

Brother, the Session of PHP will not fail automatically through time automatically. There is a configuration item:

gcTo control, it should be the number of requests to check the GC, in the production environment can improve performance, your test environment has not reached the number of requests for GC, so it will not check whether session is invalid.

Reference resources:
http://php.net/manual/zh/sess…

Answer 1:

sessionThe expiration date can be customized.
session.cookie_lifetime = 0Browser shutdown failure

Answer 2:

After the browser is closed, session failure has not been heard before. Usually it is empty browser session will fail.

Answer 3:

In addition, I set up before session_start ()
$lifeTime = 60;
session_set_cookie_params($lifeTime);
To test whether it is useful, but it seems that because of probabilities, it is found that it has not failed.

Leave a Reply

Your email address will not be published. Required fields are marked *