I am having some problems with session variables on an intranet web application. If the session times out, the session variable do not seem to clear nor does the session abandon. Does anyone have any ideas?
if you're using PHP, there's a variable called session.gc_maxlifetime which specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. (reference: php.net [php.net])
now the problem with that is let's say user A starts a session at 1h00 and then leave for 45 minutes (and you previously set session.gc_maxlifetime to 30 minutes). Now technically what happens is that user A session data should be erased, but that will only happens if an other user let's call him user B, show up between 1h30 and 1h44. Otherwise, user A will still have access to it's old session data.