You can alter PHP's default session-handling behavior in a number of ways.
The php.ini file contains several configuration directives that you can alter:
| Directive | Description |
|---|---|
| session.cookie_lifetime | How long the session cookie should last for (in seconds). The default is zero, which expires the cookie when the browser is quit. |
| session.cookie_path | The path field for the session cookie. Defaults to " /" (the entire site). |
| session.cookie_domain | The domain field for the session cookie. Defaults to " " (the current server). Change this if you want the session to be available to more than one host in the same domain. |
| session.cookie_httponly | The HttpOnly field for the session cookie. Defaults to false. Change this to true if you want to prevent JavaScript from accessing the session cookie. |
| session.auto_start | Defaults to false. Change it to true, and PHP automatically starts a session the moment your script starts executing |
You can either alter these directives directly in your php.ini file, if you have access to it.
Or you can set them on a per-script basis using the ini_set() PHP function:
ini_set(" session.cookie_lifetime" , 1200); // Set session timeout to 20 minutes