PHP Session Configuration

by Vincy. Last modified on July 9th, 2022.

PHP has several configuration directives that control session handling processes such as session upload and URL rewriting. These are set in the PHP configuration file, php.ini. To see the values that are currently set, we can use the phpinfo() function.

In this PHP tutorial, we are going to look at a few important session configuration directives and their possible values.

PHP Session Configuration Directives

session.save_handler

  • Sets the handler used to store and retrieve session data. The possible values are,
    session.save_handler = files | mm | sqlite | user

  • The default option, files, stores session data in files. mm keeps session data in memory (RAM). With the sqlite option, an SQLite database is used. With the user option, we can supply custom functions to handle the session.


session.save_path

  • If session.save_handler above is set to files, then we need to set the path of the directory where the session data files are kept. The session.save_path directive is used to set this path.
  • We can also create subdirectories for the file storage module to store session files in. In that case, we refer to this directory path by specifying its depth. For example,
    session.save_path = "N;/path"
    

    where N is an integer representing the depth of the subdirectory.

  • PHP creates session files in the above location, named with the current session_id and a sess_ prefix.
  • We can set the mode of the session files by using,
    session.save_path = "N;MODE;/path"
    

    where MODE is an octal value. The default mode is 600 (allows the owner to read and write).

session.use_cookies

This directive takes 1 or 0 as its value to specify whether or not cookies are used to store the session id.

session.use_cookies = 0 | 1

If it is 1, cookies are used to store the session id. If not, the session id is preserved by using URL rewriting.

session.cookie_secure

It controls whether the session cookie is sent only over secure connections. It takes ON | OFF values. The default is OFF.

session.use_only_cookies

Setting this directive makes cookies the mandatory storage for the session id, so a session id passed in the URL is not accepted. This prevents session hijacking attacks that rely on passing the session id in the URL.

session.name

Specifies the name of the session. PHPSESSID is the default name.

session.name = PHPSESSID

session.auto_start

We need to start the session before using the PHP session functions. This directive is used to start the session automatically on each page request. To do so, we set session.auto_start to 1.

session.auto_start = 0 | 1

If session.auto_start is 1, storing objects in the session needs further configuration. That is, the auto_prepend_file directive is used to load the corresponding class definition.

session.cookie_lifetime

This is used to set the cookie lifetime. If it is set to 0, the cookie remains until the browser is restarted.

session.cookie_path

Specifies the path for which the cookie will be valid.

session.cookie_domain

Similarly, this specifies the domain for which the cookie will be valid.

session.cookie_httponly

When this directive is on, it stops client-side scripts from accessing the session id stored in the cookie.

session.gc_probability, session.gc_divisor

The values of these directives are used to calculate the probability of running garbage collection to clean up session data.

session.gc_maxlifetime

It sets the maximum lifetime of the session id in seconds. If the session id reaches this limit, PHP will treat it as garbage and clear it.

session.cache_limiter

This directive controls cache headers sent to the client and proxies. The possible values are,

  • none – stops sending cache headers to the client.
  • nocache – default option; stops the client or proxy from caching page content.
  • private – allows only the client to cache page content.
  • private_no_expire – no expire time is set with the cache header.
  • public – allows both client and proxy caching.

session.cache_expire

  • It specifies cache expiration time for session enabled pages in seconds.
    session.cache_expire = 120
    
  • This directive need not be set if session.cache_limiter = nocache.

session.use_trans_sid

This directive is used to preserve the session id by URL rewriting. As URLs are shared among multiple users, maintaining the session id in the URL is risky. It can lead to multiple users accessing the same session_id at the same time.

session.hash_function

This directive is used to choose the hash function that generates the session id. 0 and 1 represent the MD5 and SHA algorithms respectively.
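The cookie and URL directives above (session.use_cookies, session.use_only_cookies, session.use_trans_sid, session.cookie_secure, session.cookie_httponly) and the session file mode from session.save_path can be checked at runtime with ini_get(). The script below is an added example, not code from this tutorial; the function names ini_bool and audit_session_config are hypothetical, and the expected values are this example's assumptions for a site served only over HTTPS.

```php
<?php
// Added example: audit the effective values of the session directives
// discussed above. Expected values assume an HTTPS-only site.

/** Interpret an ini value such as "1", "On", "0", "Off" or "" as a boolean. */
function ini_bool(string $name): bool
{
    return filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN);
}

/** Return a list of findings; an empty list means every check passed. */
function audit_session_config(): array
{
    $findings = [];
    // Directive => [expected boolean value, reason].
    $expected = [
        'session.use_cookies'      => [true,  'the session id should travel in a cookie'],
        'session.use_only_cookies' => [true,  'session ids supplied in URLs should be ignored'],
        'session.use_trans_sid'    => [false, 'URL rewriting exposes the session id when URLs are shared'],
        'session.cookie_secure'    => [true,  'the cookie should only be sent over secure connections'],
        'session.cookie_httponly'  => [true,  'client-side scripts should not read the session cookie'],
    ];
    foreach ($expected as $name => [$want, $why]) {
        if (ini_bool($name) !== $want) {
            $findings[] = sprintf('%s should be %d: %s', $name, $want, $why);
        }
    }

    // With the files handler, session data files should be owner-only (mode 600).
    if (ini_get('session.save_handler') === 'files') {
        // save_path may be "/path", "N;/path" or "N;MODE;/path".
        $parts = explode(';', (string) ini_get('session.save_path'));
        $dir   = end($parts) ?: sys_get_temp_dir();
        $depth = count($parts) > 1 ? (int) $parts[0] : 0;
        foreach (glob($dir . str_repeat('/*', $depth) . '/sess_*') ?: [] as $file) {
            $mode = fileperms($file) & 0777;
            if ($mode & 0077) { // any group or other permission bit set
                $findings[] = sprintf('%s has mode %o, expected 600', $file, $mode);
            }
        }
    }
    return $findings;
}

$findings = audit_session_config();
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : 'session configuration OK' . PHP_EOL;
```

Run it under the same SAPI and virtual host as the application, because the command-line PHP binary often loads a different php.ini. The file mode check only sees session files in directories the running user is allowed to list.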

Written by Vincy, a web developer with 15+ years of experience and a Masters degree in Computer Science. She specializes in building modern, lightweight websites using PHP, JavaScript, React, and related technologies. Phppot helps you in mastering web development through over a decade of publishing quality tutorials.
