PHP Session Save

PHP Saving Sessions

To save sessions with PHP, the programmer has the option to store them in the default folder specified in the php.ini file, or to create a directory and store them there. Each method to save a session has its pros and cons. Meanwhile, the browser will store the PHPSESSID cookie and the php session variables will be stored where they are specified in the php.ini file; unless you make a custom path within your php file.

By default, PHP uses a file on the server called PHP.ini which is configured to automatically store sessions for a specific time period that will correspond to the cookie stored in the browser. The cookie in the browser called PHPSESSID matches the cookie to the stored sessions so the page knows where to find them on the server.

On many Linux web hosting applications, the default session expiry takes place after 24 minutes. The number can easily be changed by editing the php.ini file and changing 'session.gc_maxlifetime'. It starts with 1440 seconds which is 24 minutes. Changing it to 3600 would make the default session lifetime 1 hour. What does session expiry mean? This is the time for which the browser and user do not use a given web page. When a webpage is not used, the 'garbage time' is counted. Therefore, if your session expiry is 24 minutes and you leave you house for 23 minutes and come back to the web page, it operates as normal.

When you use the webpage, the session normally starts over. and time to run out begins when page page is not in usage. On the other hand, if you returned in 25 minutes and started to operate the web page, your session would have expired and you need to login again.

Custom Save Sessions

Somewhere along your programming, you may reach a point where you need to create sessions that override the default configuration in the php.ini file.

You could be using a shared host and have no control to change the php.ini file, or, you only want a specific application to have custom session expiry. PHP allows you the flexibility to alter the session time and to save sessions in a specific folder. The code below demonstrates how to set the session lifetime to 1 hour and to store sessions in a folder.

Here is how it goes. The ini_set() function sets the session lifetime to 1 hour. The session_save_path() function states where the session files will be stored. You can uncomment the $directory variable and echo $directory if you want to see the path for the current file.

The ini_set('session.gc_probability', 1) function and parameters keeps the garbage collection enabled. Then, the old standby 'session_start()' begins the session. Then, there are declared variables $session_begin and $session_end which are session variables that are created after the user logs in.

When the user logs in with the password 'test', 3 session variables are created; $_SESSION['mysession'], $_SESSION['begin'] and $_SESSION['end']. $_SESSION['begin'] and $_SESSION['end'] are UNIX timestamps. The $_SESSION['end'] is 1 hour later than $_SESSION['begin']; thus the (60 * 60) added to it.

Finally, the session variables get destroyed when they have a value greater than the current time. The time() function gets the current time.The if statement 'if($now > $_SESSION['end'])' will destroy the session when that time comes.

ini_set('session.gc_maxlifetime', 60*60); //1 hour
//echo ini_get("session.gc_maxlifetime"); 
//$directory = dirname(__FILE__); // this is /home/user/public_html/myfolder
//echo $directory;
ini_set('session.gc_probability', 1);

$session_begin = $_SESSION['begin'];
$session_end = $_SESSION['end'];

if($_POST['session'] == "test") {

$_SESSION['mysession'] = $_POST['session'];

if(!$session_begin || !$session_end){
$_SESSION['begin'] = time(); // taking now logged in time
$_SESSION['end'] = $_SESSION['begin'] + (60 * 60) ; // ending a session in 1 hour
$now = time();
echo $_SESSION['begin']."-".$_SESSION['end']."-".$now;
if($now > $_SESSION['end']){
echo "Session ended";

$now = time();
echo "<br/>".$_SESSION['begin']."-".$_SESSION['end']."-".$now;
if($now > $_SESSION['end']){
echo "Session ended";
}else{echo "<br/>Session still in progress";}

<form method ="post"action="<?php echo $_SERVER['PHP_SELF'] ;?>">
<input type = "text" name="session" value ="" />
<input type = "submit" name="submit" value ="Submit" />
New Session File:

The new session file is stores in the stored_sessions folder with a name like sess_i08fdukpmpu3dbuv9smncr60i3. You can view the file with Notepad.

Contents of session file: