I’m using 24-hour sessions at the moment to keep users logged in. If they browse to another page of the site after 30 minutes of the session starting, then the session will be regenerated to extend the session expiration time to time() + 24 hours.
I am using php.ini to ensure only cookie sessions are used and have altered their default save time to just over 24 hours:
session.gc_maxlifetime = 90000
session.cookie_lifetime = 90000
session.use_trans_sid = 0
session.use_only_cookies = 1
I use the following to begin a session:
session_save_path("/home/user/sessions");
session_set_cookie_params("86400", "/");
session_name("auth");
session_start();
But at the moment my sessions seem to get lost within the first hour. The cookie auth is still there, but it doesn’t seem to link to the information that was stored when the session was made:
$_SESSION['userId'] = $row[0];
$_SESSION['created'] = time();
This leads me to think that the regeneration part is somehow incorrect?
To regenerate a cookie after 30 minutes I am using:
if ($_SESSION['created'] + 30 * 60 < time())
{
    session_regenerate_id();
    $_SESSION['created'] = time();
}
Does the above code need to have some way to keep the session id after regeneration?
Like:
$sid = session_id();
session_regenerate_id();
session_id($sid);
session_start();
Or is this not necessary? Are there any other reasons my sessions could be getting lost/mixed up?
Session lifetimes are (usually) dependable. But since you mention that they seem to be getting wiped out within an hour, it makes me think that the server is running a Debian or Debian-derived OS.
On our server (running Ubuntu 10.10), sessions get cleaned out every half an hour by the system through a cron job, whether or not the session is still valid. The only way around it is by creating your own session handler.
If the server is not Debian-based, then I’d have to say I don’t know.
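A custom session handler of the kind the answer suggests could look like the following. This is an added example, not code from either poster; it assumes PHP 8, the class name PrivateFileSessionHandler is hypothetical, and the directory, session name and 24-hour lifetime are the values from the question.

```php
<?php
// Added example (assumes PHP 8). Class name is hypothetical; the directory,
// session name and 24-hour lifetime are the values from the question.
final class PrivateFileSessionHandler implements SessionHandlerInterface
{
    public function __construct(private string $dir, private int $ttl) {}
    // The id arrives in a cookie, so accept only PHP's session id alphabet;
    // anything else (e.g. "../x") must never become part of a file path.
    private function path(string $id): ?string
    {
        return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) ? $this->dir . '/sess_' . $id : null;
    }
    private function fresh(?string $f): bool
    {
        return $f !== null && is_file($f) && filemtime($f) + $this->ttl >= time();
    }
    public function open(string $path, string $name): bool
    {
        return is_dir($this->dir) || mkdir($this->dir, 0700, true);
    }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        // Expiry is enforced here as well as in gc(), so a stale file is
        // never honoured just because cleanup has not run yet.
        $f = $this->path($id);
        return $this->fresh($f) ? (string) file_get_contents($f) : '';
    }
    public function write(string $id, string $data): bool
    {
        $f = $this->path($id);
        return $f !== null && file_put_contents($f, $data, LOCK_EX) !== false;
    }
    public function destroy(string $id): bool
    {
        $f = $this->path($id);
        return $f === null || !is_file($f) || unlink($f);
    }
    public function gc(int $max_lifetime): int|false
    {
        // Delete every file older than our own ttl and report how many went.
        $stale = array_filter(glob($this->dir . '/sess_*') ?: [], fn ($f) => !$this->fresh($f));
        return count(array_filter($stale, 'unlink'));
    }
}
// gc() is only called by PHP when session.gc_probability is non-zero.
ini_set('session.gc_probability', '1');
session_set_save_handler(new PrivateFileSessionHandler('/home/user/sessions', 86400), true);
session_name('auth');
session_start();
```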