Why is the standard session time 24 minutes (1440 seconds)?

I did some research on handling PHP sessions and typed session.gc_maxlifetime 1440 seconds. I was wondering why the standard value is 1440 and how it is calculated. What is the basis for this calculation?

How long does it make sense to have sessions? What are the minimum / maximum values for session.gc_maxlifetime you would recommend? The higher the value, the more vulnerable the web application is to session capture, I would say.

+76
security php session
Feb 05 '13 at 8:49
2 answers

The real answer is probably very close to this:

In the PHP3 days, PHP itself did not support sessions.

But an open source library called PHPLIB, originally written by Boris Erdmann and Kristian Koehntopp of NetUSE AG, provided sessions through PHP3 code.

The session lifetime was defined in minutes, not seconds. And the default lifetime was 1440 minutes, or exactly one day. Here is that line of code from PHPLIB:

 var $gc_time = 1440; ## Purge all session data older than 1440 minutes. 

Sascha Schumann was involved in the PHPLIB project from 1998 to 2000. Sure, he was familiar with the PHP3 session code.

Then PHP4 came out in 2000 with native session support, but now the lifetime was specified in seconds.

I bet someone never bothered to convert the minutes into seconds. Probably that person was Sascha Schumann. Once he coded it into the Zend engine, it became the default setting (php.ini).

+137
May 12, '16 at 3:36

1440 is used in calculating time, turning seconds into hours / days.

  • 1 day = 24 hours (hours * 24 = 1 day)
  • day = 1440 minutes (minutes * 60 * 24 = 1 day)
  • day = 86400 seconds (seconds * 60 * 1440 = 1 day)

Example:

9 days [* 60] = 540 [* 1440] = 777600 seconds

The same is true in reverse order:

777600 seconds [/ 1440] = 540 [/ 60] = 9 days

-13
Jul 31 '14 at 13:41


