The php.ini directive "session.gc_maxlifetime"?? is worth a read

Justin French

on 16/08/02 1:51 AM, mintbaggio ([EMAIL PROTECTED]) wrote:

> Thanks a lot. 
> The other day I have talked with one of my classmates and say that
> there is nearly no essential differences between session and url
> variables, after I read your answer I know that it does have.
> I have tried your way of using session, it does make sense in differentiate
> between session and url variables.
> I still can't find whether there is a life-time for session. Could you help
> me?
> Best Wishes!
> ----- Original Message -----
> From: "SHEETS,JASON (Non-HP-Boise,ex1)" <[EMAIL PROTECTED]>
> To: "'mintbaggio'" <[EMAIL PROTECTED]>
> Sent: Tuesday, August 13, 2002 3:27 AM
> Subject: RE: [PHP] Some questions.
>> Turn off register globals and use the superglobals, if this doesn't make
>> sense refer to the PHP manual available at
>> Basically as of PHP 4.1 all session variables are accessible by using
>> $_SESSION['name'] for example.
>> Example1.php
>> <?php
>> session_start(); // start session using session start
>> $_SESSION['name'] = 'Jason Sheets'; // create and register a
>> variable
>> ?>
>> Example2.php (this file accesses the variable from example1)
>> <?php
>> session_start(); // start session using session start
>> print 'Your name is: ' . $_SESSION['name'] . '<br>'; // print line
>> containing variable
>> When you have register globals off or you use superglobals post and get
>> information will not be propagated to the session array, meaning that even
>> if the user sets loggedin=1 in their url when you check if
>> $_SESSION['loggedin'] == 1 it will be false unless they logged in.
>> Jason
>> -----Original Message-----
>> From: mintbaggio [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, August 12, 2002 11:43 AM
>> Subject: [PHP] Some questions.
>> Hello
>> I'm a Chinese university student,I want to ask some questions about session.
>> These days I'm build a website for my university with PHP, But I meet a
>> question when I develop the part of User Management: After I have log out
>> from a user page(I use "session_unset()" and "session_destroy()"),I can
>> return to the page again by click the button "Back"to that pagea and refresh
>> it, the user page can be shown again. This is unsafe.
>> So I want to ask that the function "session_unset" and "session_destroy()"
>> will
>> destroy session immediately or there is a life-time for session. In my
>> memory,
>> I think that there is a life-time for session and the life-time can be
>> configured.
>> Another question:
>> If the user log page is "main.php",the page for authenticate the user is
>> "login.php"
>> I use session to store the infomation of user such as :
>> session_register($userid);
>> But if the variables in the session are unfortunately be known by somebody
>> else.
>> and he can visit others' information bye the url:"login.php?userid=***",how
>> can solve
>> these problem? use a ugly but difficult session varable?
>> Just two questions.
>> Thanks a lot.
>> Wish back soon!
>> Best wishes

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to