Understanding The Life Of A Session In Yii

Hi all,

i’m new with yii framework and i trying understand session handling. After a day of read a lot of information I need somebody confirm if something is wrong.

Default configuration.

In config file /protected/config/main.php are not mention about session. I suppose that a default config is loaded if a session element is not define in ‘components’ array.

I finded a larry: larryullman.com/2011/05/03/using-sessions-with-the-yii-framework/

Attributes by default session component are:

autoStart, which defaults to true (i.e., always start sessions)

cookieMode, with acceptable values of none, allow, and only, equating to: don’t use cookies, use cookies if possible, and only use cookies; defaults to allow

cookieParams, for adjusting the session cookie’s arguments, such as its lifetime, path, domain, and HTTPS-only

gCProbability, for setting the probability of garbage collection being performance, with a default of 1, as in a 1% chance

savePath, for setting the directory on the server used as the session directory, with a default of /tmp

sessionName, for setting the session’s, um, name, which defaults to PHPSESSID

timeout, for setting after how many seconds a session is considered idle, which defaults to 1440

The elements ‘savePath’ and ‘sessionName’ are defined by php.ini configuration and not '/tmp/ and name PHPSESSID. For example, in my case add “sess_” to begin of PHPSESSID and path is “/var/lib/php5/”

It’s recommended to change savePath to a directory within site.

We have the possibility of store session data in a database. Add a component ‘session’ with this code:

‘session’ => array (

'class' => 'system.web.CDbHttpSession',

'connectionID' => 'db',

'sessionTableName' => 'actual_table_name',


When the user logout we need remove session with Yii::app()->session->clear() or Yii::app()->session->destroy().

But if session expired, does a handler exist that clear or destroy session in both cases (file and database sessions)? I suppose that in file option, php destroy a expired session but in bbdd option, do i need control session time? This implies update time in every http request. In case of expired session a new action of user return a expired session response. If no action of user, the session is stored indefinitely. How fixed this case?

In php documentation we can set a handler for destroy session:


If a app show how many users are on line, we need a handler for run a code that change user status to offline. How can we to set a handler in yii for this?