From: "Ng Hwee Hwee" <[EMAIL PROTECTED]>

> okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1.
>
> so, should I change it to something like 43,200 (12hours*60mins*60sec)??
> for example, one person works a maximun of 12 hours a day. But does
> it mean that by lengthening this value, the session will still be kept
even
> if the user closes his browser??

Setting your gc_maxlifetime to that means that the server will not delete
the users session data files until they are over 43200 seconds old, meaning
the user hasn't requested a page in over 12 hours.

The session does not exist past the point of closing the browser unless you
increase the lifetime of the session cookie itself. I would recommend you
just leave it at zero, though, meaning it only persists for as long as the
browser window is open. The longer you make the sessions last, the easier it
is for someone to hijack them.

---John Holmes...

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to