Michael Sims wrote:
I 'm not where I can test this right now, but if a session is older
than session.gc_maxlifetime, isn't it invalid anyway?  I.E. if I
bookmark a page on your site and then come back 3 hours later passing
an old SID, shouldn't that session have expired on the server by that
time, in which case the session vars would be empty and you could kick
me back to your login page?
If my understanding of sessions is correct, no.

session.gc_maxlifetime does set the lifetime of a session, but a session will not be cleaned by PHP until session.gc_probability has been hit. Again, if my understanding is correct, PHP doesn't automatically check to see if a session has expired before accessing it. It pre-supposes that any session file lying around is till active. And those session file will stay there until session.gc_probability has been hit.

I might be wrong though ...


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to