From the CentreBlog today, there's an in-depth look at sessions as discovered by resolving a problem of prematurely expiring sessions on their apps.
It started about two weeks ago, with no discernable changes to our configuration that could be responsible. So to understand what was necessary to track down this problem, we have to explore a little bit about how PHP session data storage and expiration works.
They share some of their discoveries, including:
- the session.save_path setting in the php.ini tells the scripts where the sessions go
- garbage collection in PHP checks for sessions older than the session.gc_maxlifetime setting to remove
- but sessions were still expiring too early