How can I change session.gc_maxlifetime at execution time on php 7.2?

Question

I want to change the session timeout if the user is signed in, if not(user is only visiting), the session should over early. Everything was working until I update from php 5.6 to 7.2, I know this newer version doesn't supports anymore this approach but it's impossible to teste $_SESSION variable before calling session_start(), right? My question is how can I do something like ini_set('session.gc_maxlifetime',900); after had called session_start() in php 7.2?

PS: I'm doing this because I'm seeing some bots access that are flooding the redis server with a sessions that takes long duration time, so I want clean it faster when it's a simple visit.

Session GC affects ALL sessions, not just the current one. My suggestion would be to detect the bots and not open a session for them in the first place. — Sammitch, May 19 '20 at 19:56

score 1 · Accepted Answer · answered May 20 '20 at 16:05

First of all, unfortunately, there is no way to call this function after session_start() in php 7.2 and also as Sammitch said, this function affects all sessions, not only the current session where the function was called.

Since my project is hosted at AWS, I solved the problem of bots by implementing a Web ACL in my load balancer and removed from my code all references of session.gc_maxlifetime.

How can I change session.gc_maxlifetime at execution time on php 7.2?

1 Answers1