Hi Matt,

The user's browser will retain the session cookie as long as it is open
unless "session.cookie_lifetime" is set to something other than zero in the
php.ini or you can also set it in your script like this:

// set session cookie to expire in 30 minutes.

If they don't close their browser they can leave and come back to your site
and still have the same session. In I.E. you can even pop a new browser and
the child browser will have the same session cookie as the parent....
feature or bug??? who knows.

As far as the files in /tmp are concerned... There are two variables that
control them in the php.ini

1) session.gc_maxlifetime
2) session.gc_probability

if session.gc_maxlifetime is set to 1800 then php will see any files left in
/tmp as garbage after 30 minutes. session.gc_probability is a percentual
probability that any "garbage" will be deleted. Since any files left in /tmp
will be useless to a browser that exceeded our 30 minutes they are not
harmful but will need to be culled eventually to keep it from growing
forever. If session.gc_probability was set 100 then every single time there
was session activity the "garbage" files would be deleted. This could get to
be too much extra overhead on a busy server so you could set it to something
like 1 so that only every 1 out of a hundred times there was session
activity the "garbage" files would be deleted.

NOTE: if session.gc_maxlifetime is set to something less than
session.cookie_lifetime and gc_probability is high (or you just get unlucky
and the number comes up) session data on the server could be deleted and the
user's browser would still have the old session cookie to a session that no
longer exists. This means that the user will not be able to get another
session and can make a mess of an ecommerce deal. I believe all three ini
variables can be set by user via ini_set and I would strongly recommend
taking advantage of that if you are on a shared server and cannot control
what's in php.ini.

Sorry for the book. But sessions can be difficult to grasp if your new and I
thought this was important.

Jim Grill
Web-1 Hosting
----- Original Message -----
From: "Matt Babineau" <[EMAIL PROTECTED]>
Sent: Thursday, July 25, 2002 9:15 AM
Subject: [PHP] Sessions, how they exist and die

> My question is, if I have a user on my web site, and they leave and come
> back does their session still exist? the file in the /tmp folder exists
> until it is deleted by the OS? If the user comes back will they get
> assigned the same session they had before? I know the questions are
> pretty newbish but I have had experiences in other languages in the past
> where this is the case. The session cookie stayed in the users browser,
> so they kept getting the same session and not a new session if they left
> and came back a day later.
> Matt Babineau
> -----------------------------------------
> p: 603.943.4237
> w:  <http://www.criticalcode.com/> http://www.criticalcode.com
> PO BOX 601
> Manchester, NH 03105

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to