I'm working on a website which requires the use of sessions. However the default value for the life of a session is 1440 seconds or 24 mins. I have tried to change this using ini_set() making sure to put the ini_set() before the session_start() and then checking it with ini_get(). The ini_get() returns the value I have set but the session still seems to follow the default rules set.
So is it possible for a host to lock out editing of the ini settings?
On
The awser is yes.
The php agent has 3 scopes.
1 System
This one effects all applications. Its the global.ini file. They can also disabling overwrites.
2 Perdir
This is your php.ini file. It only effects your directories. Here can you disable overwrites for the script scope and make overwrites in the system scope when allowed
3 Script
This is the
ini_setscope. It can overwrite the perdir & system scope when allowed
So is it possible for a host to lock out editing of the ini settings?
Yes they can disable overwrites in there system scope.
Short answer: possibly.
It could be that they've disabled use of
ini_setvia thedisable_functionsdirective in the global php.ini, however that doesn't explain the behavior you're seeing; the documentation isn't clear, but I'd expect it to throw an error if you called a disabled function, nor does it explain whyini_getreturns what you've previously set. It's also entirely possible they're running their own patched version of PHP that alters this behavior. Not unheard of, but unlikely.Things to try:
session_start)session.cookie_lifetime) and that your ini_set is definitely placed before session_start, or that you don't have another session_start somewhere else