At 15:08 22.11.2002, Michael Sims spoke out and said:
>I 'm not where I can test this right now, but if a session is older
>than session.gc_maxlifetime, isn't it invalid anyway?  I.E. if I
>bookmark a page on your site and then come back 3 hours later passing
>an old SID, shouldn't that session have expired on the server by that
>time, in which case the session vars would be empty and you could kick
>me back to your login page?

I don't think the session handler checks session expiry - only gc does. I
haven't checked the PHP sources yet, but I found out that on my development
server (where we definetely don't have a lot of traffic ;->) session files
can persist over night, and the session is still available in the
morning... only when the gc_probability is hit (i.e. at the 100th access),
the file gets removed. At least with my PHP (4.2.2, RH 7.2).

   >O Ernest E. Vogelsinger 
   (\) ICQ #13394035 

Reply via email to