hard coded session expiry

[nagrgk]

Hi

this latest codebase , Cm_RedisSession , read having hardcoded 3600*6 redis key expiry .
why this is hardcoded? it should be taking from magento admin cookie lifetime or maxlifetime from local.xml

[colinmollenhour]

The comment on that same line explains it. Also the git commit message (colinmollenhour/php-redis-session-abstract@8b94600).

[nagrgk]

Hi @colinmollenhour

yes there is comment but our expiration has to come from cookie management or from local.xml , max lifetime. this is something hardcoded and should not be 3600*6.

this does not seem to be right setting 5hrs for it

please explain

[colinmollenhour]

The expiration is set one when the session is read, and then when the process is finished and the session is written the expiration will be set again, to the proper value. So this is just a temporary value. If it is not set at all then if the page had a fatal error the session would never expire causing it to waste storage.

[nagrgk]

Hi @colinmollenhour ,
Thanks for your reply

as per my investigation with this session expiry, it was never set to actual value. it was set to 3600*6 always.

even in this place, I would suggest that it should be set to max_value or admin cookie value.

please check again on this because it is not working as expected.

[colinmollenhour]

It is working as expected for me.. E.g.:

127.0.0.1:6379> ttl sess_BkTaPwiWb,2c1Bh0r089gn1BlgsmlOlWq1VnJIpskQ4
(integer) 2591943

The session is written by the _writeRawSession method which definitely calls ->expire() so I don't see how this could not be working unless you have something causing your PHP process to exit ungracefully in which case session_write_close() may not be getting called, or you are using read-only. Please step through with a debugger and see if write is getting called.