Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:25402
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain interjinn.com from 66.11.173.122 cause and error)
To: Peter Brodersen <penguin@php.net>
Cc: internals@lists.php.net
In-Reply-To: <2hske21deqskguop9rb66gtrg7mf58t21a@4ax.com>
References: <20060816123006.4028b334@pierre-u64>
	 <2hske21deqskguop9rb66gtrg7mf58t21a@4ax.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Organization: InterJinn
Date: Mon, 21 Aug 2006 23:26:18 -0400
Message-ID: <1156217178.717.13.camel@blobule>
Mime-Version: 1.0
Subject: Re: [PHP-DEV] session.gc_maxlifetime default value
From: robert@interjinn.com (Robert Cummings)

On Tue, 2006-08-22 at 04:56 +0200, Peter Brodersen wrote:
> On Wed, 16 Aug 2006 12:30:06 +0200, pierre.php@gmail.com (Pierre)
> wrote:
> 
> >I would suggest to increase the default 8M to 12M. I discussed this
> >issue with Dmitry and he agrees on the principle. Any other opinions?
> >Or is it fine to increase it?
> 
> Just out of curiousity regarding default values and slightly
> off-memory_limit-topic:
> 
> session.gc_maxlifetime has a default value of 1440 (as of revision 1.2
> of php.ini-dist where it was introduced). Obviously some value has to
> be the default value, but 1440 seconds seem as a peculiar value. 24
> minutes is not a rounded value such as 1 day (86400 secounds) would
> be.
> 
> I'm only guessing, but is it possible that this default value was
> added with the idea that the value was specified in minutes, not
> seconds (as 1440 minutes equals 1 day)? The current php.ini-dist
> mentions correctly that it equals 24 minutes (per 1.162).
> 
> 
> I would like this default value to be globally changed from 1440 to
> 86400. I think that the 24 minute "timeout" limit would and does
> confuse developers and users with spurious "suddently my session
> disappeared, but I didn't close my browser" issues.
> 
> I believe that it is more easy and nice for a web developer to discard
> a session in a system with a high gc_maxlifetime than to keep a
> session alive (e.g. having the page access a php resource every couple
> of minutes using javascript).

The short duration is to help ensure better privacy. It means that if
you leave a computer and forget to close down the browser then snoopy
people only have 24 minutes to access anything you left behind.

24 minutes is probably some value that lies between irritatingly quick
session expiry and overly long session lifespans -- at least for a
default value.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'