|
|
Posted by Andy Hassall on 11/14/05 00:25
On Sun, 13 Nov 2005 19:49:41 GMT, Ciphex .? <ciphex@mac.com> wrote:
>Forgive me If I am missing something but do PHP sessions not live for
>the life of the browser?
>In all of my sessions work with PHP (which has been limited) the
>session identifier cookie is set automatically by PHP with an expiry
>time of the life of the browser... so until someone quits IE or Firefox
>or whatever... their cookie is alive... therefore when they try to
>access the session data again, as long as they didn't quit their
>browser before going to the john.... then their form would work as
>expected when they return.
The cookie may be a browser-session cookie (by default) with no timeout, but
PHP has its own timeout after which the session data is subject to deletion.
(There's nothing to stop someone opening a browser, starting a session and
keeping that browser open for a year...)
Since there is no way for PHP to know when a user has closed their browser,
PHP must have a way of expiring the session data from the server.
Also, the session cookie doesn't have to be a browser-session cookie anyway,
it can be a normal cookie with a specific timeout.
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
Navigation:
[Reply to this message]
|