[skunkbad]

I've been digging through the CI3.1.5 Session.php file, and come across this:

PHP Code:

// Another work-around ... PHP doesn't seem to send the session cookie
// unless it is being currently created or regenerated
elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
{
    setcookie(
        $this->_config['cookie_name'],
        session_id(),
        (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
        $this->_config['cookie_path'],
        $this->_config['cookie_domain'],
        $this->_config['cookie_secure'],
        TRUE
    );
} 


And then see that PHP has a runtime config "session.lazy_write" which is described as:

session.lazy_write, when set to 1, means that session data is only rewritten if it changes. Defaults to 1, enabled.

Which seems like if set to 0 might be similar for PHP 7.0+. Am I wrong? Is the behavior of lower versions always lazy, and that's why the work-around exists? I'm just kind of curious as to why the work-around or non-lazy writing would be desirable. What's the reason why the work-around is needed?

[Narf]

This is not a work-around for lazy_write ... the two things have literally nothing in common.

lazy_write affects server-side storage writes, and CI implements that behavior regardless of the setting or PHP version (that's what the _fingerprint property is for).

[skunkbad]

OK. Why is that work-around needed? I just want to understand.

[Narf]

Well, let's say you have set the expiry time at 1 hour. Without this, your session cookie will expire exactly 1 hour from its creation, even if your last activity was in the 59th minute.

[skunkbad]

Interesting. Thanks for the explanation. I am totally understanding now.