CakePHP 2.9 How is session expires field calculated?

I’m using database sessions (cake_sessions table) and the expires field is a UNIX timestamp that gets modified upon every page load. My Session.timeout & Session.cookieTimeout value are both 12 hours. When I view the cookie in my browser, it’s correctly set to 12 hours ahead from when I first initiate a new session. Likewise the expires field is also set for the same time.

However, the expires field in the cake_sessions table is updated on every page load to 12 hours PAST THE CURRENT TIME. In other words, this field continually gets updated to go beyond the browser’s cookie timeout value. Why does it do this and won’t the browser terminate the session regardless once the original 12 hour timeout occurs?

Example to clarify:

  • New session in browser & db set to 2/14/2017 5:50am.
  • I reload the page and the browser’s cookie timeout is unchanged (2/14/2017 5:50am).
  • However, the db “expires” field now reads 2/14/2017 5:51am (assuming I waited a full minute before refreshing)