> > Running <session:invalidate> causes the current session file to be > > deleted.
> Hmmmm, the _file_? It should delete the session in the sessions file, > but not the file itself.... That would cause the loss of all > sessions... Thats right. The users session file gets physically removed from the file system and subsequent page requests cause new files to be created on the filesystem (one for each new page request). > > Deleting the session files, clearing the browser cache and deleting > > all the browser cookies has no effect. The only thing that will stop > > new session files being created is closing the browser and reopening > > it. > Hmmmm, OK. The default behavior of cookies, according to the spec (which > I glanced at last night), if no expiry is set, is to get deleted on > exit. So, perhaps the browser isn't deleting your cookies even if > you're telling it to...? I am not specifically telling the browser to delete cookies in my script, I assume that session:invalidate does this as part of its invalidation process? (when I say 'deleting the browser cookies' I mean I have manually gone into the browser preferences and selected 'delete cookies' in an attempt to stop new files being generated on the filesystem). Although this had no effect and the session folder continued to fill up with new files. > Nevertheless, if we clear up some concepts here (i.e. what do you mean > by "file"), there is something that tells me there is a real problem > here, concerning how BasicSession handles invalidation. Possibly, the > browser still sends the cookie back, but since that's been invalidated > and not in the server's store, BasicSession gets confused. Something > like that... By 'file' I mean the physical file on the filesystem (located in the session directory) whose name is a long string (I think relating to the sessionId). Usually one of these files get created per session, which is used throuought the life of the session to store session variables. -- Tom David Kirkpatrick Virus Bulletin Web Developer, Virus Bulletin Tel: +44 1235 555139 Web: www.virusbtn.com -- Tom David Kirkpatrick Virus Bulletin Web Developer, Virus Bulletin Tel: +44 1235 555139 Web: www.virusbtn.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
