Ok I think I understand this better, my garbage collection is working but I just didn't see it before. Until I check to see if the data was actually being deleted from the /tmp directory (der!).
I was using just one browser to test this. So when I navigated through some test pages passing the PHPSESSID in the url and let it expire, the session_start() wouldn't do a garbage clean up against itself (if that makes sense) being the "parent" browser. Now I didn't see the garbage clean up until I launched the second browser and when it ran the session_start() it cleaned up the expired session of the first browser, thus any other activity on the first browser would cause the browser to go back to the login page. Thanks for your reply Matt ----- Original Message ----- From: "Jason Sheets" <[EMAIL PROTECTED]> To: "Matias Silva" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, January 09, 2003 8:38 PM Subject: Re: [PHP] Session Expiration? > First are you sure the data was not deleted? If the cookie is still set > in your browser a new session file will be created with the same session > id. > > I believe you adjust the session gc and the session max lifetime, > additionally if you are concerned about someone bookmarking a sessionid > or storing it in history take a look at the session.referer_check > configuration directive: > > ; Check HTTP Referer to invalidate externally stored URLs containing > ids. > ; HTTP_REFERER has to contain this substring for the session to be > ; considered as valid. > session.referer_check = > > Obviously it wont work with some browsers and referer is sent by the > client but every little bit helps. > > Jason > > On Thu, 2003-01-09 at 20:09, Matias Silva wrote: > > I have gone through the past posts and can't find an answer to my problem > > > > I'm using a URL based session management schema, and I was wondering how to > > set > > the session duration time. I know there is the session.gc_probability and > > session.gc_maxlifetime but > > that's only for garbage collection. Just for testing I set the probability > > to 100 and the maxlifetime to 60 > > just to see if my session would automatically expire, as my luck would have > > it didn't. I use session_start() > > in my test scripts so that should run with a 100% probability any garbage > > clean up of any sessions > > that are 1 minute old. > > > > I have the session.use_cookies set to 0 and, the session.cookie_lifetime > > only applies to cookies. So I don't > > know why my sessions are not expiring. Does anybody have any Idea? Should > > I just be manually checking > > for the duration of the session(?) and then delete it if it has expired? > > > > Best, > > Matt > > > > > > Matt Silva > > ---------------------------------------------------------------------------- > > ----------------------------------------- > > Empower Software Technologies > > [EMAIL PROTECTED] > > PH 909.672.6257 > > FX 909.672.6258 > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
