Justin French wrote:
I exited all apps and restarted the browser. Didn't help. I also copy-pasted the URL (http://192.168.254.14/my_account.html?step=order_list&PHPSESSID=b6f60469a3a67b677cf9c13e34b17072) from my Netscape 7 browser into an IE browser and the sessions was still valid ...I know that for IE Mac users (not sure about NN7) it's not until you QUIT the application that the session is "terminated"...I *think* you'll find something similar in Windows... perhaps when ALL open browser windows are closed and/or the browser app is QUIT, the session will end?
Is it because I am putting the SID in the URL? I haven't tested with cookies yet as I want to get my site working without cookies first.
I agree! The problem I have now is that a user can bookmark a page with the SID in the URL and then come back later and the session is still active ... the session should close when the browser is closed.Adding a logout feature will help people who are worried about security, because it can kill the cookies on the browser.
I have set session.auto_start = 1 so I would think that after closing the browser and going to the bookmarked paged a new session would be started, killing the SID passed in from the URL no?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php