|
378 | 378 | * Avoid using `.` in cookie names, as PHP will drop sessions from cookies with `.` in the name. |
379 | 379 | * - `cookiePath` - The url path for which session cookie is set. Maps to the |
380 | 380 | * `session.cookie_path` php.ini config. Defaults to base path of app. |
381 | | - * - `timeout` - The time in minutes the session should be valid for. |
382 | | - * Pass 0 to disable checking timeout. |
383 | | - * Please note that php.ini's session.gc_maxlifetime must be equal to or greater |
384 | | - * than the largest Session['timeout'] in all served websites for it to have the |
385 | | - * desired effect. |
| 381 | + * - `timeout` - The time in minutes a session can be 'idle'. If no request is received in |
| 382 | + * this duration, the session will be expired and rotated. Pass 0 to disable idle timeout checks. |
386 | 383 | * - `defaults` - The default configuration set to use as a basis for your session. |
387 | 384 | * There are four built-in options: php, cake, cache, database. |
388 | 385 | * - `handler` - Can be used to enable a custom session handler. Expects an |
|
391 | 388 | * and `DatabaseSession` engines. |
392 | 389 | * - `ini` - An associative array of additional 'session.*` ini values to set. |
393 | 390 | * |
| 391 | + * Within the `ini` key, you will likely want to define: |
| 392 | + * |
| 393 | + * - `session.cookie_lifetime` - The number of seconds that cookies are valid for. This |
| 394 | + * should be longer than `Session.timeout`. |
| 395 | + * - `session.gc_maxlifetime` - The number of seconds after which a session is considered 'garbage' |
| 396 | + * that can be deleted by PHP's session cleanup behavior. This value should be greater than both |
| 397 | + * `Sesssion.timeout` and `session.cookie_lifetime`. |
| 398 | + * |
394 | 399 | * The built-in `defaults` options are: |
395 | 400 | * |
396 | 401 | * - 'php' - Uses settings defined in your php.ini. |
|
0 commit comments