Colin Guthrie-6 wrote:
>
> So am I right in saying that it is expected that the application stores
> the session id into long term storage and associates it with the user who
> has logged in? This would then allow an initial landing on the site with
> a given session id to be double checked against the list of
> user_id-session_id pairs and "authenticate" the user (with a
> regeneration of their session id thrown in for added security)?
>

With rememberMe() you are setting session lifetime. Garbage collector doesn't remove session files that are still valid.

BTW, if you are using Debian (maybe Ubuntu as well) be aware that garbage collection is turned off because non-root users cannot access the directory where session files are stored, so you have to run a cronjob to clean the old session files.

Regards,
Goran Juric
http://gogs.info/
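
A sketch of the cleanup job the reply above refers to, added here as an example and not part of the original message. It assumes PHP's files-based session handler with its default `sess_` file prefix; the function name `purge_sessions`, the directory and the maximum age in minutes are hypothetical and supplied by the caller.

```shell
# Added example: purge expired PHP session files, intended to be run from cron
# as a user that can write to the session directory.
# Assumptions: files-based session handler, default "sess_" prefix.
# Example call (placeholder path): purge_sessions /path/to/session/dir 1440
purge_sessions() {
    dir=$1
    max_age_min=$2

    # Refuse an empty or non-directory path so an unset variable
    # can never point the delete at an unintended location.
    [ -n "$dir" ] && [ -d "$dir" ] || { echo "bad dir: $dir" >&2; return 2; }

    # Require a positive integer; anything else would break find's -mmin test.
    case $max_age_min in
        ''|*[!0-9]*|0) echo "bad max age: $max_age_min" >&2; return 2 ;;
    esac

    # -maxdepth 1     : do not descend into subdirectories
    # -type f         : regular files only, symlinks are skipped
    # -name 'sess_*'  : leave unrelated files alone
    # -mmin +N        : last modified more than N minutes ago
    # Prints the number of files removed.
    find "$dir" -maxdepth 1 -type f -name 'sess_*' \
        -mmin "+$max_age_min" -print -delete | wc -l
}
```

The maximum age passed in should be at least as long as the longest session lifetime the application hands out, otherwise sessions that are still meant to be valid are deleted along with the stale ones.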
