Some browsers including FireFox require you to close all
open browser windows before the session cookies will expire.
[EMAIL PROTECTED] wrote:
I have try to set
define('CAKE_SECURITY', 'high');
but when the browser is closed the session does not expire.
On 12 Ott, 00:27, Grant Cox <[EMAIL PROTECTED]> wrote:
There have been threads like this before, where the question was
really "why are Cake sessions persisting even after closing and re-
opening the browser", and the answer is that you have changed the
define('CAKE_SECURITY', 'high');
in your /app/config/core.php to something other than 'high'. In
either 'medium' or 'low' the Cake session id is stored in a cookie
that does not expire when the browser is closed. Set it to 'high' and
this cookie will expire, and your browser will not have the same
session.
Wayne's answer is still correct though - unless a user logs out your
server cannot know to invalidate their session, which is why they have
a timeout limit.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
|
