Michael Sims wrote:
I 'm not where I can test this right now, but if a session is older
than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I
bookmark a page on your site and then come back 3 hours later passing
an old SID, shouldn't that session have expired on the server by that
Michael Sims wrote:
Then I suppose it's just an added feature of the session handler I am
using. Maybe the OP should give it a shot, as I use it and I
definitely don't have a problem with expired sessions
I'll think about writing my own session handler as it can be quite
useful. However I
At 08:47 24.11.2002, Jean-Christian Imbeault said:
[snip]
Ernest E Vogelsinger wrote:
if ($_COOKIE[$_SESSION['cookie_name']] == $_SESSION['cookie_token']) {
Ok, please forgive my ignorance, but in PHP isn't $_COOKIES the same as
$_SESSION?. I
At 08:56 24.11.2002, Jean-Christian Imbeault said:
[snip]
session.gc_maxlifetime does set the lifetime of a session, but a session
will not be cleaned by PHP until session.gc_probability has been hit.
Again, if my understanding is correct, PHP doesn't
Ernest E Vogelsinger wrote:
No, that's a misunderstanding. Session var's are never passed to and from
the client, only the session _name_ is passed, either via a cookie
(PHPSESSIONID) or via trans-sid href encoding.
Thanks for clearing that up! I hadn't realized that only the session
name was
on 24/11/02 11:10 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:
This now hands me a dilemma ... I was building my site conservatively,
i.e. assuming the user would have cookies turned off. And so I am making
heavy use of session variables. *But* I had thought that if the user had
Justin French wrote:
What sort of stuff are you storing in the session that your are worried
about with too many writes?
Oh, this site is just your regular, run-of-the-mill, amazon.com copy.
For each open session I store up to 20 variables. It's not a lot, but
each access to a script means a
At 13:10 24.11.2002, Jean-Christian Imbeault said:
[snip]
This now hands me a dilemma ... I was building my site conservatively,
i.e. assuming the user would have cookies turned off. And so I am making
heavy use of session variables. *But* I had thought
At 14:15 24.11.2002, Jean-Christian Imbeault said:
[snip]
Oh, this site is just your regular, run-of-the-mill, amazon.com copy.
For each open session I store up to 20 variables. It's not a lot, but
each access to a script means a disk read/write so they
On Sun, 24 Nov 2002 17:01:21 +0900, you wrote:
Michael Sims wrote:
Then I suppose it's just an added feature of the session handler I am
using. Maybe the OP should give it a shot, as I use it and I
definitely don't have a problem with expired sessions
I'll think about writing my own
--- Jean-Christian Imbeault [EMAIL PROTECTED] wrote:
This now hands me a dilemma ... I was building my site
conservatively, i.e. assuming the user would have
cookies turned off. And so I am making heavy use of
session variables. *But* I had thought that if the
user had cookies enabled then
Ernest E Vogelsinger wrote:
if ($_COOKIE[$_SESSION['cookie_name']] == $_SESSION['cookie_token']) {
Ok, please forgive my ignorance, but in PHP isn't $_COOKIES the same as
$_SESSION?. I thought it was if the user had cookies turned off (and
even if the user had cookies turned on come to
At 08:02 22.11.2002, Jean-Christian Imbeault said:
[snip]
Is it because I am putting the SID in the URL? I haven't tested with
cookies yet as I want to get my site working without cookies first.
Definetely yes.
The PHP session is (with the default setup)
Justin French wrote:
PHP cannot possibly know when a user closes a window... PHP regularly
cleans out the garbage of old abandoned sessions, but you cannot expect
this instantly...
True ... but the browser does.
I think I would not have this problem using cookies since the cookie
would
At 08:56 22.11.2002, Justin French said:
[snip]
PHP cannot possibly know when a user closes a window... PHP regularly
cleans out the garbage of old abandoned sessions, but you cannot expect
this instantly...
This is controlled by the session.gc_probability
Ernest E Vogelsinger wrote:
Definetely yes.
After reading Justin's post I realized that.
What I usually do (I also have session cookies switched off) is to send the
user a session cookie when he logs in. This way I can use cookieless
sessions, but when it comes to sensitive areas I can be
Ernest E Vogelsinger wrote:
This is controlled by the session.gc_probability value in your INI file
I know I can probably find this in the documentation somewhere but ...
how do I set the expire time on a session?
Increasing this value will make this
process more often, setting it to 100
On Friday 22 November 2002 16:28, Jean-Christian Imbeault wrote:
Ernest E Vogelsinger wrote:
This is controlled by the session.gc_probability value in your INI file
I know I can probably find this in the documentation somewhere but ...
how do I set the expire time on a session?
Increasing
Jason Wong wrote:
If you set it 100, then _every_ request in which sessions are used, PHP has to
go through all the session files (by default stored in /tmp) and check
whether they have expired. If you have a busy server you could have thousands
of session files. Checking thousands of files
At 09:28 22.11.2002, Jean-Christian Imbeault said:
[snip]
This is controlled by the session.gc_probability value in your INI file
I know I can probably find this in the documentation somewhere but ...
how do I set the expire time on a session?
The
At 09:25 22.11.2002, Jean-Christian Imbeault said:
[snip]
What I usually do (I also have session cookies switched off) is to send the
user a session cookie when he logs in. This way I can use cookieless
sessions, but when it comes to sensitive areas I can
At 09:28 22.11.2002, Jean-Christian Imbeault said:
[snip]
This is controlled by the session.gc_probability value in your INI file
I know I can probably find this in the documentation somewhere but ...
Forgot to add this (sorry):
On Friday 22 November 2002 16:44, Jean-Christian Imbeault wrote:
Jason Wong wrote:
If you set it 100, then _every_ request in which sessions are used, PHP
has to go through all the session files (by default stored in /tmp) and
check whether they have expired. If you have a busy server you
On Fri, 22 Nov 2002 14:57:23 +0900, you wrote:
[...]
1- the user logs in
2- bookmarks the page
3- closes the browser
4- opens the browser
5- goes to the saved bookmark page
He has access to the page. I.e. the session did not close/terminate when
he closed his browser ...
I 'm not where I can
At 15:08 22.11.2002, Michael Sims spoke out and said:
[snip]
I 'm not where I can test this right now, but if a session is older
than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I
bookmark a page on your site and then come back 3 hours later
Jean,
This is a common challenge with a pretty easy solution.
First, in case you are curious why the session can be reestablished,
the bookmarked page likely has the session identifier in the query
string. Thus, it is unnecessary for the browser to send a cookie,
because it is sending the
On Fri, 22 Nov 2002 15:08:31 +0100, you wrote:
I don't think the session handler checks session expiry - only gc does. I
haven't checked the PHP sources yet, but I found out that on my development
server (where we definetely don't have a lot of traffic ;-) session files
can persist over night,
on 22/11/02 4:57 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:
I've made a site in PHP and on some pages a user needs to log in first
before gaining access to the page. (i.e. there is a log in page).
Once the user has logged in I keep that fact in a session variable so
that he
Justin French wrote:
I know that for IE Mac users (not sure about NN7) it's not until you QUIT
the application that the session is terminated...
I *think* you'll find something similar in Windows... perhaps when ALL open
browser windows are closed and/or the browser app is QUIT, the session
PHP cannot possibly know when a user closes a window... PHP regularly
cleans out the garbage of old abandoned sessions, but you cannot expect
this instantly...
the only way to kill a session is to kill it on the server with
session_destroy(), which will require the user to access a logout script,
30 matches
Mail list logo
