Re: setting session timeout through .htaccess
- From: Andy Hassall <andy@xxxxxxxxxxx>
- Date: Sun, 13 Nov 2005 22:25:07 +0000
On Sun, 13 Nov 2005 19:49:41 GMT, Ciphex .? <ciphex@xxxxxxx> wrote:
>Forgive me If I am missing something but do PHP sessions not live for
>the life of the browser?
>In all of my sessions work with PHP (which has been limited) the
>session identifier cookie is set automatically by PHP with an expiry
>time of the life of the browser... so until someone quits IE or Firefox
>or whatever... their cookie is alive... therefore when they try to
>access the session data again, as long as they didn't quit their
>browser before going to the john.... then their form would work as
>expected when they return.
The cookie may be a browser-session cookie (by default) with no timeout, but
PHP has its own timeout after which the session data is subject to deletion.
(There's nothing to stop someone opening a browser, starting a session and
keeping that browser open for a year...)
Since there is no way for PHP to know when a user has closed their browser,
PHP must have a way of expiring the session data from the server.
Also, the session cookie doesn't have to be a browser-session cookie anyway,
it can be a normal cookie with a specific timeout.
--
Andy Hassall :: andy@xxxxxxxxxxx :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
.
- References:
- Re: setting session timeout through .htaccess
- From: Andy Hassall
- Re: setting session timeout through .htaccess
- From: Ciphex . π
- Re: setting session timeout through .htaccess
- Prev by Date: how to set Read timeout ?
- Next by Date: Re: how to set Read timeout ?
- Previous by thread: Re: setting session timeout through .htaccess
- Next by thread: How to tell if escape behavior is turned on
- Index(es):
Relevant Pages
|
|
