Hey,
I've been trying to figure out the design decision behind why the default
value of session.gc_maxlifetime is 1440 seconds (24 minutes)?
Does anyone know or have any good sources?
Best regards,
Markus
Hi Markus,
On Sat, Jan 31, 2015 at 4:02 AM, Markus Amalthea Magnuson <
markus.magnuson@gmail.com> wrote:
I've been trying to figure out the design decision behind why the default
value of session.gc_maxlifetime is 1440 seconds (24 minutes)?Does anyone know or have any good sources?
Because the author set this value, I think.
It was 1440 since session module is introduced, IIRC.
I think 1440 is reasonable value for many applications.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Hey Yasuo,
Yes, there can surely be no other reason for the existence of the value,
than that someone wrote it :)
I think what I'm interested in is the reasoning behind it, since it seems
so arbitrary. It's not 20 or 30 minuts, for example.
I have tried emailing the author a long time ago but never received a reply.
Hi Markus,
On Sat, Jan 31, 2015 at 4:02 AM, Markus Amalthea Magnuson <
markus.magnuson@gmail.com> wrote:I've been trying to figure out the design decision behind why the default
value of session.gc_maxlifetime is 1440 seconds (24 minutes)?Does anyone know or have any good sources?
Because the author set this value, I think.
It was 1440 since session module is introduced, IIRC.I think 1440 is reasonable value for many applications.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Well the number 1440 itself is not so arbitrary as it's the amount of minutes in a day. Maybe that's why the number popped up.
In the end 24 minutes does seem to be fine for the majority of people and with people that care about session duration it's really easy to update :)
Op 31 jan. 2015, om 11:45 heeft Markus Amalthea Magnuson markus.magnuson@gmail.com het volgende geschreven:
Hey Yasuo,
Yes, there can surely be no other reason for the existence of the value,
than that someone wrote it :)I think what I'm interested in is the reasoning behind it, since it seems
so arbitrary. It's not 20 or 30 minuts, for example.I have tried emailing the author a long time ago but never received a reply.
Hi Markus,
On Sat, Jan 31, 2015 at 4:02 AM, Markus Amalthea Magnuson <
markus.magnuson@gmail.com> wrote:I've been trying to figure out the design decision behind why the default
value of session.gc_maxlifetime is 1440 seconds (24 minutes)?Does anyone know or have any good sources?
Because the author set this value, I think.
It was 1440 since session module is introduced, IIRC.I think 1440 is reasonable value for many applications.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net
Well the number 1440 itself is not so arbitrary as it's the amount of minutes in a day. Maybe that's why the number popped up.
In the end 24 minutes does seem to be fine for the majority of people and with people that care about session duration it's really easy to update :)
I like the idea of this being a 15+ year old "bug" where minutes were
used instead of seconds :)
Initial commits don't really give much of a hint to the thinking
behind it either it seems.
http://svn.php.net/viewvc/archived/php4.fubar/trunk/ext/session/session.c?r1=9519&r2=9520&pathrev=9520&;
http://svn.php.net/viewvc/archived/php4.fubar/trunk/php.ini-dist?r1=10922&r2=10923&pathrev=10923&;
/cc sas
Hi Leigh,
Well the number 1440 itself is not so arbitrary as it's the amount of
minutes in a day. Maybe that's why the number popped up.In the end 24 minutes does seem to be fine for the majority of people
and with people that care about session duration it's really easy to update
:)I like the idea of this being a 15+ year old "bug" where minutes were
used instead of seconds :)
session.cache_expire? It's minutes. Do you mean session.cache_expire should
be seconds?
session.gc_maxlifetime is second.
files/mm take it as seconds.
mod_files.c - master
295 /* check whether its last access was more than
maxlifet ago */
296 if (VCWD_STAT(buf, &sbuf) == 0 &&
297 (now - sbuf.st_mtime) > maxlifetime) {
298 VCWD_UNLINK(buf);
299 nrdels++;
mod_mm.c - master
458 limit -= maxlifetime;
459
460 mm_lock(data->mm, MM_LOCK_RW);
461
462 ehash = data->hash + data->hash_max + 1;
463 for (ohash = data->hash; ohash < ehash; ohash++) {
464 for (sd = *ohash; sd; sd = next) {
465 next = sd->next;
466 if (sd->ctime < limit) {
467 ps_mm_debug(("purging %s\n", sd->key));
468 ps_sd_destroy(data, sd);
469 (*nrdels)++;
470 }
471 }
472 }
Current session module does not keeping last update time and relayed on
probability based GC solely. gc_maxlifetime value does not have precise
meaning.
I proposed precise session data deletion in other thread. The same can be
done for precise session data expiration.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net