Why is the standard session lifetime 24 minutes (1440 seconds)?

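I've been researching PHP session handling and came across the session.gc_maxlifetime value of 1440 seconds. I've been wondering why the standard value is 1440 and how it is calculated. What is the basis for this calculation?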

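How long does it make sense to keep a session? What minimum/maximum values for session.gc_maxlifetime would you recommend? I'd say the higher the value, the more vulnerable the web application is to session hijacking.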


1440 is used in a time calculation turning seconds into hours/days.

  • 1 day = 24 hours ( hours * 24 = 1 day )
  • 1 day = 1440 minutes ( minutes * 60 * 24 = 1 day )
  • 1 day = 86400 seconds ( seconds * 60 * 1440 = 1 day )

Example:

9 days [* 60] = 540 [* 1440] = 777600 seconds

The same is true in reverse:

777600 seconds [/ 1440] = 540 [/ 60] = 9 days

The real answer is probably very close to this:

Back during PHP3 days, PHP itself had no session support.

But an open-source library called PHPLIB, initially written by Boris Erdmann and Kristian Koehntopp from NetUSE AG, provided sessions via PHP3 code.

Session lifetimes were defined in minutes, not seconds. And the default lifetime was 1440 minutes, or exactly one day. Here's that line of code from PHPLIB:

var $gc_time  = 1440;       ## Purge all session data older than 1440 minutes.

Sascha Schumann was involved with the PHPLIB project around the period of 1998 to 2000. There's no doubt he was familiar with the PHP3 session code.

Then PHP4 came out in the year 2000 with native session support, but now the lifetime was specified in seconds.

I'll bet someone just never bothered converting minutes to seconds. It's probable that person was Sascha Schumann. Once that value was coded into the Zend engine, it became the configuration (php.ini) default as well.