I would put a time limit on the session, create a session var called time, or loginTime or something, and compare it to time() with PHP, give a leeway of an hour or something. This is a standard security measure to prevent people from leaving the PC with a session running all day, and someone else sitting down and ordering the world to his home. So if the session is an hour old, destroy it.

Jason

On Tue, 27 Jul 2004 22:17:08 +0100, Enda Nagle - Lists <[EMAIL PROTECTED]> wrote:
> Hi Guys,
>
> I have a problem with a site where I'm using sessions.
>
> Basically, I have it so that someone enters the site and their session
> (shopping cart ref) is created on entry (unless it already exists) and all
> variables are stored in the session.
>
> Problem is that when someone goes so far in the ordering process, and then
> (for whatever reason) leaves the site, and comes back hours, seconds or
> whatever later, and goes again to place an order, the details are different
> (time), and the session stays the same so the order entry is entered twice
> in the database.
>
> I have gotten around this by checking for the existence of the database
> entry for that person and session, and if the entry exists, then I just
> update the details, but I'm wondering if there might be a better way of
> doing this?
>
> I had looked at the idea of sessions expiring and found the following in my
> php.ini file, and see that the session lifetime is set to 24mins, but am
> wondering if there is any given reason why I should change this (or not!).
>
> session.cookie_lifetime = 0
> session.gc_maxlifetime = 1440
>
> Thanks for the help,
>
> Enda
> --
>
> - + - + - + - + - + - + - + - + - + - + - + - + -
>
> Enda Nagle
> +353 86 168 0774
> [EMAIL PROTECTED]
> www.category9.com
>
> - + - + - + - + - + - + - + - + - + - + - + - + -
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
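
The check suggested in the reply, written out as an added example (not code from either poster). The 'loginTime' key, the MAX_AGE constant and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The 'loginTime' key and the
// one-hour MAX_AGE follow the reply's suggestion; both are assumptions.
const MAX_AGE = 3600; // seconds

// Pure check so it can be exercised on a plain array as well as $_SESSION.
// Returns true if the session may continue, false if it must be destroyed.
function session_is_fresh(array &$session, int $now, int $maxAge = MAX_AGE): bool
{
    if (!isset($session['loginTime']) || !is_int($session['loginTime'])) {
        $session['loginTime'] = $now; // first request: stamp the start time
        return true;
    }
    $age = $now - $session['loginTime'];
    // A negative age means a tampered or corrupt stamp; treat it as expired.
    return $age >= 0 && $age <= $maxAge;
}

// Call at the top of every page instead of a bare session_start().
function start_checked_session(): void
{
    session_start();
    if (!session_is_fresh($_SESSION, time())) {
        $_SESSION = [];              // drop the stale cart data
        session_destroy();           // remove the server-side session data
        session_start();             // begin a clean session
        session_regenerate_id(true); // new ID, so the old cookie value is dead
        $_SESSION['loginTime'] = time();
    }
}

// Constructed sample data: run with `php file.php` to see the three cases.
if (PHP_SAPI === 'cli') {
    $now   = 1090963028; // constructed timestamp
    $cases = [
        'new visitor'    => [],
        '10 minutes old' => ['loginTime' => $now - 600, 'cart' => 'A1'],
        '5 hours old'    => ['loginTime' => $now - 18000, 'cart' => 'B2'],
    ];
    foreach ($cases as $label => $session) {
        printf("%-15s %s\n", $label, session_is_fresh($session, $now) ? 'keep' : 'destroy');
    }
}
```

session.gc_maxlifetime = 1440 only marks session data as eligible for garbage collection, which PHP runs probabilistically, so an explicit age check like this is what makes the expiry deterministic.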