Hi, I have set up my php application to store session data in a datbase by redefining, session_set_save_handler functions. The system seems to work fine, and I can see the sessions being stored in the database and being destroyed, however they do not seem to want to expire in the same way they used to when I wasn't storing them in the database. After 25 mins or so, the deafault expiration would kick in and when going to a page on the site the session would have expired. This is not happening now.I am using a shared host. Below is the code that I am calling on every page. <?php require_once("[database connection data]"); require_once('[session_set_save_handler functions]'); session_start(); /** * this redirects a non-logged in user to login.php * if logged in, nothing happens... */ function require_authentication($role = '') { $_SESSION['name'] = "MYSESSIONNAME"; $ok=true; if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) { $ok=false; } if ($ok) { if(isset($_SESSION['user_id'])) { // the session is valid and user is logged in. return; } } else { header("Location: login.php"); } exit(); // Quit the script. } Code (markup): I have tried adding the following lines and variations thereof, but to no avail: ini_set('session.gc_maxlifetime',5); ini_set('session.gc_probability',100); ini_set('session.gc_divisor',100) The following code is what I am using for sesssion_set_save_handler: <?php session_set_save_handler('_open', '_close', '_read', '_write', '_destroy', '_clean'); $_sess_db=false; function _open() { global $_sess_db; global $address, $username, $password, $database; $_sess_db = mysql_connect($address,$username,$password); if($_sess_db) { if(mysql_select_db($database, $_sess_db)) { } else { echo mysql_error($_sess_db); } return true; } else { echo mysql_error($_sess_db); } return false; } function _close() { global $_sess_db; return mysql_close($_sess_db); } function _read($id) { global $_sess_db; $id = mysql_real_escape_string($id, $_sess_db); $sql = "SELECT data FROM sessions WHERE id = '$id'"; if ($result = mysql_query($sql, $_sess_db)) { if (mysql_num_rows($result)) { $record = mysql_fetch_assoc($result); return $record['data']; } } return ''; } function _write($id, $data) { global $_sess_db; $access = time(); $id = mysql_real_escape_string($id,$_sess_db); $access = mysql_real_escape_string($access,$_sess_db); $data = mysql_real_escape_string($data,$_sess_db); $sql = "REPLACE INTO sessions VALUES ('$id', '$access', '$data')"; return mysql_query($sql, $_sess_db); } function _destroy($id) { global $_sess_db; $id = mysql_real_escape_string($id,$_sess_db); $sql = "DELETE FROM sessions WHERE id = '$id'"; return mysql_query($sql, $_sess_db); } function _clean($max) { global $_sess_db; $old = time() - $max; $old = mysql_real_escape_string($old,$_sess_db); $sql = "DELETE FROM sessions WHERE access < '$old'"; return mysql_query($sql, $_sess_db); } Code (markup): I'd be quite happy if the original timeout period of 25 mins or so were working again. But the session only seems to timeout when the window is closed. I think I need to delete the specific cookie/session data from the database. and clear it from session history but I am not sure how to do this or where to do it in the code. Thanks for any help in advance.