On Fri, 22 Nov 2002 14:57:23 +0900, you wrote:

>1- the user logs in
>2- bookmarks the page
>3- closes the browser
>4- opens the browser
>5- goes to the saved bookmark page
>He has access to the page. I.e. the session did not close/terminate when 
>he closed his browser ...

I 'm not where I can test this right now, but if a session is older
than session.gc_maxlifetime, isn't it invalid anyway?  I.E. if I
bookmark a page on your site and then come back 3 hours later passing
an old SID, shouldn't that session have expired on the server by that
time, in which case the session vars would be empty and you could kick
me back to your login page?

I personally use a custom session handler (MySql based, which I got
from www.phpbuilder.com) and I believe this is how my site behaves,
but I'm not for certain.  I'll try to test it out and see...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to