On Saturday, February 16, 2002, at 07:43  AM, Nigel Gilbert wrote:

> By default, a session (created with session_register) seems to last 
> just as long as the user has their browser open.  If a user quits the 
> browser, the session is automatically destroyed.
>
> I want a session to last indefinitely (or until my program destroys 
> it).  There are some hints about how this could be done with cookies in 
> the documentation, but not a clear recipe.  What sequence of PHP 
> statements should I use to achieve this?

I don't have the answer you're looking for (maybe it's a php.ini 
setting), but I suspect that it might be a dangerous idea.  The longer a 
session ID is hanging about, the easier it is for a cracker to hijack it 
and use it for evil intent.

Remember, every time a page is requested within any given session, 
either a cookie variable or a GET variable is being sent along with the 
HTTP headers.  Keeping a session going for more time than needed means 
that the variable representing the session ID is leaving footprints all 
over the place.


Erik <-- who has become overcautious lately upon learning how HTTP works



----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
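
The trade-off described in the reply above, shown as an added example that is not part of the original thread: a session that survives a browser restart while limiting how long any single session ID stays valid. It assumes PHP 7.3 or later and an HTTPS site; `start_long_session()`, `LIFETIME` and `ROTATE_AFTER` are hypothetical names with constructed values.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ and HTTPS.
// LIFETIME, ROTATE_AFTER and start_long_session() are illustrative names.
const LIFETIME     = 30 * 24 * 3600; // session may persist for 30 days
const ROTATE_AFTER = 15 * 60;        // a given session ID is valid for 15 minutes

function start_long_session(): void
{
    // Keep the ID out of URLs so it does not land in logs, history or Referer headers.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that the server did not issue (session fixation).
    ini_set('session.use_strict_mode', '1');
    // Server-side data has to live at least as long as the cookie.
    ini_set('session.gc_maxlifetime', (string) LIFETIME);

    session_set_cookie_params([
        'lifetime' => LIFETIME, // persistent cookie: survives a browser restart
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    $now     = time();
    $created = $_SESSION['created'] ?? null;

    if ($created === null || $now - $created > LIFETIME) {
        // New session, or one past its hard limit (enforced server-side,
        // whatever the cookie claims): drop old data and move to a fresh ID.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['created'] = $_SESSION['rotated'] = $now;
    } elseif ($now - $_SESSION['rotated'] > ROTATE_AFTER) {
        // Same session data, new ID: an ID captured earlier stops working.
        session_regenerate_id(true);
        $_SESSION['rotated'] = $now;
    }
}

start_long_session();
```

Rotation only happens when the user makes a request, so an ID issued just before a long idle period stays valid until the user returns or the 30-day limit passes.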