-1

I have a simple question to which I couldn't find the answer on this page:

https://codeigniter.com/userguide3/libraries/sessions.html#how-do-sessions-work

That is why I ask it here.

But first, let's assume that session will expire in 600 seconds (10 minutes).

So, when the session cookie will actually expire?:

  1. from the first time I open a Codeigniter website and use it for 10 minutes, or
  2. 10 minutes after I stop opening pages on that website

Another question if the answer is 1:

  • Can I somehow extend the session every time the user access the website?

Another question if the answer is 2:

  • what is happening with sess_time_to_update? Can I extend the life of session_id to match the life of the session too?
Dejan Dozet
  • 948
  • 10
  • 26

1 Answers1

1

Assuming $config['sess_expiration'] = 600; (10 minutes), the session cookie will expire 10 minutes after the last time you accessed the page, or "answer 2" as you called it.

sess_time_to_update controls how long before the session ID is changed, but that has nothing to do with expiration and is entirely transparent to you and/or the user - the ID itself will be changed for security purposes, but all other attributes will be preserved.
The "life of session_id" and "life of the session" are one and the same thing; there will never be a mismatch between them. A file or database record of the expired session may remain for a bit on the server, until the garbage collector clears it up, but without an ID stored in the cookie you effectively have no active session.

Narf
  • 14,600
  • 3
  • 37
  • 66
  • Thanks! I've just found this answer that completes everything I need to know about this. https://stackoverflow.com/a/13975987/4541566 – Dejan Dozet May 07 '22 at 21:23
  • 1
    That one is 10 years old and doesn't describe how things currently work. The question itself describes a problem that no longer exists in PHP, while the answer likely refers to CI 2.x. Literally everything that `sess_time_to_update` does in CI3 is to determine when the ID is regenerated, nothing else. – Narf May 07 '22 at 22:21
  • Thank you once again, one thing that confused me and made me ask this question was actually sess_time_to_update and that CI is actually changing ID after that time. Other than that session mechanism is as I thought should be. – Dejan Dozet May 08 '22 at 09:53