Welcome to WebmasterWorld yomanfu,

the description of all php.ini values can be found on this page
[php.net...]

Thanks for the reply and the welcome!

I always read the php manual before asking questions... But it's unclear about session.cache_expire.

For my sessions management I currently use:
session.cookie_lifetime = 0
session.gc_maxlifetime = 7200

And it doest the work.
But I'd like to understand session.cache_expire!

to be honest I have never changed it and have never really played around with it. In some of my authentication I had trouble getting sessions to expire properly.

I have since added all expiration to my auth script. It sets a timestamp in the session and destroys the session if the difference between the stored timestamp and now is greater than 300 seconds. This method works flawlessly.

this setting is bound to "session.cache_limiter". these both control what kind of cache control the document (http) should have. per default it's "nocache". while using "nocache" as session.cache_limiter value, session.cache_expire has no effect.

if you're using the default settings you don't have to care about.

as written, this is an http issue. the setting should control what kind of headers are send to the client and possible proxies, because they handle caching of the document. but they only do if the cache control method is not "nocache" (as php setting, http header values differ here).

docs: http 1.1 header fields definition: cache-control [w3.org]

Thanks hakre!