I have an application that ideally should allow the user to log in and leave open until they either log out or close the browser. (I'm curious as to how facebook and others actually do this.) I understand how to set the timeout value for the gc_maxlifetime in the php.ini file and have done so. It's my understanding that when this timeout value is reached, the session variables will be wiped out. I'm currently using sessions and can live with the max timeout for now.

In my application after the time value has been reached and the user tries to use one of the features, the application appears to hang up because the session variables referred to are gone. According to the error.log, my $_SESSION['loggedIn'] variable is undefined. That makes sense and it would appear that I need to code to redirect the user to the login page. But when you refresh the window, the application fires back up and functions normally thereafter without having to log back in. And that's my confusion. How is this possible if the session variables are gone? I confirm that the PHPSESSID cookie still exists, but if the session variables are undefined...

Anyway, I'm at a loss. I've been reading up on the session cookie as well as gc_maxlifetime in both the forum and from outside sources. Before I implement a solution that, though not facebook-like yet, will get the task off my ToDo list, I'd like to understand what's going on here. If the user really has to log back in after the gc_maxlifetime count occurs, I can code for that, but I don't want them to be able to refresh the browser and keep going.

Thoughts, suggestions or direction on where to go for this info would be greatly appreciated.