phpsession-timeoutsession-cookies

The question between session.gc_maxlifetime and session.cookie_lifetime


My first question in stackoverflow. Thanks in advance!

I am so confused about the PHP session mechanism. I have understand the session.gc_maxlifetime by PHP - ini_set('session.gc_maxlifetime', 5) - Why it doesn't end the session?. But I still don't know the difference between session.gc_maxlifetime and session.cookie_lifetime.

Question: What will happened if the time of session.cookie_lifetime is out? Will the session cookie be deleted from the client computer directly?

I need to figure this question, then continue to ask something further.


Solution

  • The cookie lifetime is transmitted to the client. If the cookie has reched its lifetime, the client usually deletes it. So it is client-side. Also the a session can be alive even after the cookie is gone, since you can create the same cookie again, epand its lifetime, or transmit the session-id via the uri.

    Hope that helps!