Michael Sims wrote:
If my understanding of sessions is correct, no. I'm not where I can test this right now, but if a session is older than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I bookmark a page on your site and then come back 3 hours later passing an old SID, shouldn't that session have expired on the server by that time, in which case the session vars would be empty and you could kick me back to your login page?
session.gc_maxlifetime does set the lifetime of a session, but a session will not be cleaned by PHP until session.gc_probability has been hit. Again, if my understanding is correct, PHP doesn't automatically check to see if a session has expired before accessing it. It pre-supposes that any session file lying around is still active. And those session files will stay there until session.gc_probability has been hit.
I might be wrong though ...
PHP General Mailing List (http://www.php.net/)
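The thread above turns on whether an old SID still maps to live session data until the garbage collector happens to run. As an added example (not part of the original messages), here is one way an application can enforce the idle limit itself on every request; the `last_activity` key, the `/login.php` path and the sample session arrays are assumptions made for illustration.

```php
<?php
// Added example: enforce the idle timeout in application code rather than
// relying on session garbage collection to delete stale session files.

/**
 * Returns true and refreshes the timestamp if the session was active within
 * $limit seconds; otherwise empties the session data and returns false.
 * The login code is expected to set 'last_activity' (hypothetical key name).
 */
function session_is_fresh(array &$session, int $now, int $limit): bool
{
    $last = $session['last_activity'] ?? null;
    if (!is_int($last) || $now - $last > $limit) {
        $session = [];                  // stale or unstamped: trust nothing in it
        return false;
    }
    $session['last_activity'] = $now;   // sliding window: each request renews it
    return true;
}

if (PHP_SAPI !== 'cli') {
    // Web request: apply the same limit that the garbage collector uses.
    session_start();
    $limit = (int) ini_get('session.gc_maxlifetime');
    if (!session_is_fresh($_SESSION, time(), $limit)) {
        session_unset();
        session_destroy();              // remove the server-side session data now
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
} else {
    // Command-line demonstration with constructed session data.
    $now   = 1000000;
    $limit = 1440;                      // PHP's default session.gc_maxlifetime
    $stale = ['user' => 'alice', 'last_activity' => $now - 3 * 3600];
    $live  = ['user' => 'bob',   'last_activity' => $now - 60];

    var_dump(session_is_fresh($stale, $now, $limit), $stale);
    var_dump(session_is_fresh($live, $now, $limit), $live);
}
```

With this check in place, a bookmarked URL carrying a three-hour-old SID is rejected even if its session file has not yet been collected.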