When garbage cleanup runs, it clears sessions whose last-modified is expired (session.gc_maxlifetime).
(1): Are you talking about manually unsetting session vars? ... unset($_SESSION['var'])
(2): Bump up session.gc_maxlifetime
Shared servers - know that simply by bumping up session.gc_maxlifetime does not guarantee your sessions will last that long. On many shared servers, sessions for every account are stored in the same directory (/tmp). Even though your account has a 2hr session.gc_maxlifetime, some of your sessions may be deleted after 15minutes because somebody else's account has session.gc_maxlifetime set to 15min. Digg?
This is why if possible, its a good idea to ensure your sessions are stored in a non-web-accessible directory; but one where everybody else's aren't stored.
Me, each account on my server has its own tmp directory under their folder; For each account, I manually set the tmp directory through .htaccess. (Ex: /path/to/accountA/tmp/, /path/to/accountB/tmp)
How is the best way to set all this up so I can control the 2 things mentioned?
Custom php.ini, set it through .htaccess, or through PHP itself.
If you're wondering how to do it through htaccess, well: (this may or may not work, depending on your server config)
php_value session.save_path "/var/www/vhosts/accountA/tmp"
php_value session.gc_maxlifetime "10800"