Problem/Motivation
Currently you can set "gc_maxlifetime" which states in the docs:
# Set session lifetime (in seconds), i.e. the time from the user's last
# visit to the active session may be deleted by the session garbage
# collector. When a session is deleted, authenticated users are logged out,
# and the contents of the user's $_SESSION variable is discarded.
# @default 200000
gc_maxlifetime: 200000
My use case is: after 15 minutes of idle, the user should be logged out. Currently this is impossible to implement because our implementation of \SessionHandlerInterface::gc deletes all sessions with an elapsed "timestamp" column, which is only updated when the session is written to.
The outcome being, if a user is browsing a site and doesn't trigger any kind of write to the session, they are logged out after "gc_maxlifetime" has elapsed despite being active on the site.
Proposed resolution
Update the session timestamp in ::read or possibly make it clearer in the docs?