Home/ Questions/Q 7840273
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T15:43:32+00:00

we have set session_gcmaxlife=5 in php.ini but session variable on server are not destroyed

  • 0

we have set
session_gcmaxlife=5
in php.ini but session variable on server are not destroyed after 5 seconds

We want to set the maximum life of the session in PHP to be 5 seconds.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    OK – to me a 5 second session sounds rather pointless (as a session is supposed to maintain the application state in a stateless application… yeah).

    Your best bet is to probably save an expiry timestamp (time() + 5 seconds) in the session, something like $_SESSION['expires'] – then whenever you start a session, check to see if that variable exists and, if so (and is in the past), kill the session off and start again.

    [EDIT]

    This is one other possibility that might work, but you’d need to create an object to manage your session – then you could have a kill() method that could be invoked if the session has expired and in the __destruct() method – it’s not fullproof as the destructor will only be invoked when the object is destroyed – but it should work.

    class Session {

  private static $_instance;

  //private constructor to prevent external instantiation
  private function __construct($sSessName, $sSavePath, $iGCLifetime, $sCookieDomain, $sCookiePath) {

    //session parameters
    ini_set("session.save_path", $sSavePath);
    ini_set("session.gc_maxlifetime", $iGCLifetime);
    ini_set("session.use_trans_sid", false);

    //session cookie parameters
    ini_set("session.use_cookies", true);
    ini_set("session.use_only_cookies", true);
    ini_set("session.cookie_domain", $sCookieDomain);
    ini_set("session.cookie_path", $sCookiePath);
    ini_set("session.cookie_lifetime", 0);

    //set the session name
    session_name($sSessName);

    //set the session cookie paramaters
    session_set_cookie_params(0, $sCookiePath, $sCookieDomain);

    //start the session
    session_start();

    //check to see if the session has expired - and if so kill it
    if(isset($_SESSION['expires']) && time() > $_SESSION['expires']) {
      $this->kill();
    }

    //if not - set the expiry time in the session
    else {
      $_SESSION['expires'] = time() + 5;
    }
  }

  //destructor function _should_ kill the $_SESSION when the object is destroyed
  public function __destruct() {
    $this->kill();
  }

  //session killer
  public function kill() {
    //kill the session cookie
    setcookie(session_name(), null, time()-3600);

    //kill the session
    session_unset();
    session_destroy();
  }

  //Singleton instance getter
  public function getInstance() {
    if(!self::$_instance) self::$_instance = new self();
    return self::$_instance;
  }
}
    • 0