The premise is simple.
New customer arrives at our site, is redirected to the register/login page (since they are a new visitor and no cookie is present) and after registering or logging in (if already have an account but visiting from a different machine/browser) they are taken to the home page.
Every time they subsequently visit, they should not see the register/login page (unless they explicitly log out, cookies are disabled/blocked, or they visit from a different browser/device).
I would think that theoretically, setting the cookie value to an absurdly high number (in our case, 30+ years) and checking for the presence of that cookie before the redirect to the register/login page would work.
In our case it is not. I feel like the session is still lasting roughly an hour or so before a visit back to the home page of the site redirects a user to register/login.
So what am I missing here? Any advice?
---edit--- I had been assured by our web host that session.gc_maxlifetime was not the issue. I set it to 86400 on our development server and after leaving my browser idle overnight, I returned the next day and I think it's working as intended.
One issue I have with this is that it also sets the magento admin timeout to the same value, which may introduce a security risk if an employee is given Magento admin access and then gets fired/quits/etc. I certainly don't want their session to continue for as long as we want customer sessions to last (months).
I'm hoping that the CONFIG>>ADVANCED>>ADMIN>>SECURITY>>SESSION LIFETIME setting is not overridden by this.
