Making your session never expire is a bad idea. By doing this you are most likely going to be using the same session ID forever, which gives attackers a much longer amount of time to guess or brute force a session ID, AND you will continue to use hard drive space and inodes on your server because gc will never clean them up.
Also that means that anyone on any of these computers will be able to access the user's information whether they really are that user or not.

Rather than making the session last forever you should force your users to log in and then load their session information. If you are putting information into sessions that needs to be persistent between sessions, you should either store it in files or in a database and then load it when you need it.

Jason

On Mon, 2003-02-17 at 07:40, Altug Sahin wrote:
> Hi there,
>
> I have set up a site with session management but even if the browser is closed
> or after the default time expiration of the session, the user should be able
> to see his/her personalized settings. I am not using any cookies.
>
> How can I make this happen without changing my session related code? Should
> I combine cookies with sessions or can I make my sessions never expire even if
> the browser is closed?
>
> Thanks
> -Al
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
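
The approach the reply recommends, as an added example that is not part of the original thread: sessions expire normally, and personalized settings live in a database and are reloaded at login. It assumes modern PHP with the PDO SQLite driver; the `users` and `settings` tables, the `app.sqlite` file and the `db`, `login` and `save_setting` functions are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; table, column, file and function names are hypothetical.
ini_set('session.gc_maxlifetime', '1800'); // assumed value: after 30 idle minutes gc may delete the session
ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
session_start();

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite:' . __DIR__ . '/app.sqlite');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
        $pdo->exec('CREATE TABLE IF NOT EXISTS settings (user_id INTEGER, k TEXT, v TEXT, PRIMARY KEY (user_id, k))');
    }
    return $pdo;
}

// Verify credentials, then start a fresh session and load the persistent settings into it.
function login(string $name, string $password): bool {
    $st = db()->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $st->execute([$name]);
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);             // new ID per login; the old session data is deleted
    $_SESSION['user_id'] = (int) $user['id'];
    $st = db()->prepare('SELECT k, v FROM settings WHERE user_id = ?');
    $st->execute([$user['id']]);
    $_SESSION['settings'] = $st->fetchAll(PDO::FETCH_KEY_PAIR); // [k => v, ...]
    return true;
}

// Write a setting through to the database so it outlives the session.
function save_setting(string $key, string $value): void {
    if (!isset($_SESSION['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    $st = db()->prepare('INSERT OR REPLACE INTO settings (user_id, k, v) VALUES (?, ?, ?)');
    $st->execute([$_SESSION['user_id'], $key, $value]);
    $_SESSION['settings'][$key] = $value;
}
```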