A question with respect to Session Expiration in PHP.
I need my server to throw away session information if that user has been inactive for a while (for testing purposes, 5 seconds).
I’ve looked at this question and particular at the answer by Gumbo (+28 votes) and I’ve been wondering about the feasibility of this answer with respect to inactive users. On my site I already implemented this suggestion and it works fine, so long as the user requests some data at least once after the session expired. But the problem with inactive users is that they don’t request new data. So the expiration code is never called.
I’ve been looking at session.gc_maxlife and associated parameters in my PHP.ini, but I couldn’t make this work the way I wanted it to.
Any suggestions on this problem?
If you need to call specific expiration logic (for example, in order to update a database) and want independence from requests then it would make sense to implement an external session handler daemon that looks at access times of session files. The daemon script should execute whatever necessary for every session file that has not been accessed for a specified time.
This solution has two prerequisites: the server’s filesystem supports access times (Windows does not) and you can read files from session save path.