How the PHP session garbage collector really works
Sessions in PHP are easy to handle, but have a tricky configuration underneath. The common opinion is, that when you close your browser, the session is gone. Actually, it’s a little bit more complicated: Have a look on these 3 lines in your php.ini:
session.gc_maxlifetime = 3600 session.gc_probability = 1 session.gc_divisor = 1000
session.gc_maxlifetime says: 3600 seconds (1 hour) after session initialization, PHP will mark this session as “outdated” and flag it as “ready to delete”. The session still exists after 1 hour! But it’s not deleted. The deletion process of all outdated and ready-to-delete file is called “garbage collection” (process), and it’s triggered – with a specific probability – when another user comes to your page and PHP has to compile something. This probability is calculated by session.gc_probability divided by session.gc_divisor. Yeah, a little bit weird, but the people behind PHP have thought about this, and there are reasons for this behaviour.
Have a look on this excellent answer on StackOverflow to read more about this topic: How do I expire a PHP session after 30 minutes?. So in general it means, that when you close your browser and open it again, and are still logged in, it has to do with PHP’s session gargabe collector process. This might happen quite often on low-traffic sites or while you are developing locally.
Random articles
PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)
What’s new in PHPStorm 9
Experimenting with HHVM at Etsy (Link)
Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)
Install MINI in 30 seconds inside Ubuntu 14.04 LTS- MINI2, an extremely simple barebone PHP application on top of Slim
- MINI, an extremely simple barebone PHP application
How to setup / install PHP 5.6 on Ubuntu 14.04 LTS
Support FLARUM, the future of PHP forum scripts (with some dollars on Kickstarter)