The answer to this question and the answer to any question on

"Can I override a php configuration directive and where can I override it?"

is in an appendix [php.net] of the PHP manual pages. It is really difficult to find at times, but I've found that if I just remember that some of the directives can be overridden using the ini_set() [php.net] function, the link to the appendix is on that page. Hope this helps for future reference.

Regarding session expiration, you control that. The PHP Session Handling [php.net] manual pages probably explain it best. Pay particularly close attention to the session.gc* configuration directives. Here are some relative threads will really help a lot:

session not timing out [webmasterworld.com]
Sessions - Timeout [webmasterworld.com]
session_start(); time-out + security OK? [webmasterworld.com]
Session is timing out - how do I increase cookie time? [webmasterworld.com]

Thanks, Coopster.

Actually, it's just occurred to me that I may be confused about my use of sessions and cookies.

Although I do need to use sessions to keep track of some user data while my users are actively using my site, I also want to allow users to be automatically logged in whether they visit once a day or once a month, etc.

I assume it's best to use a cookie that doesn't expire to achieve this auto login feature and not a ridiculously long session expiry time. Correct?

It all depends I guess. If the access and/or content is touchy then I would force a login. If it is something like customizing the browsing experience like 'weather for your area', custom background colors, font sizes, layout, etc. then you could just store a cookie as you said.