Sometimes you might want to greatly increase the length of time before the sessions timeout on your website/web application. I recently came across this issue when one of my clients logged into his web application, then went away for an hour or two and then came back and had to log on again. He was annoyed when he always had to log back in again if he left his PC for longer than 24 minutes which is the default session timeout value.

No problems I said to myself I will just increase the session time out in php.ini, session.gc_maxlifetime is the correct configuration variable I have to edit.

Not so fast, this is a shared hosting environment so I don’t have access to be able to edit this particular variable.

The Solution

You can override php.ini settings by adding a directive in your .htaccess file. Add the following:
php_value session.gc_maxlifetime 18000
This will increase the length of time to 18000 seconds or 6 hours.

In my case I also had to update the session.save_path value as well. Sessions are stored as files in a folder specified by that path. If another shared site on that server goes through and clears out sessions that are more than 24 minutes old, it may remove yours as well. A unique save_path was be the solution my case. I added the following to the .htaccess file:
php_value session.save_path /home/webroot/session_files I created a folder called session_files in my websites root folder.

Now even though my client is on a shared hosting environment the session timeout has been increased to 6 hours.