|
|
Posted by rehevkor5 on 11/21/06 04:47
Although what you wrote looks ok to me, the only way to be sure is to
do some testing, and actually watch the server create and destroy the
session files. That way you will be sure it is behaving the way you
want it to. You can use a browser like Firefox to look at the session
id in the cookie created by your site to pair up a browser session with
a session file on the server (it will be named with the session id).
Also, I'm not so sure about that session.save_path. Seems to me that
should be an absolute path, starting from a drive letter in Windows or
root in *nix.
Mickey wrote:
> Hi,
>
> I just have a couple of questions regarding sessions. I read the php
> manual but I just wasn't clear on a couple of things.
>
> I am using the following to control my sessions:
> ..
> ini_set('session.save_path',"./sessions/sess/");
> ini_set("session.gc_maxlifetime","300");
> ini_set('session.gc_probability',1);
> ini_set('session.gc_divisor',1);
> ..
>
> I want the garbage collector to kill a users session the second a user
> closes their browser (or as quick as possible). Am I doing correct
> above ^ to achieve this?
>
> Also, are there any security issues with having the 'session.save_path'
> set to a directory like above or should I perhaps have it set to
> somewhere like "../../sessions/sess/"?
>
> Thanks in advance!
Navigation:
[Reply to this message]
|