[EMAIL PROTECTED] wrote:
... The expectation is that if the member comes back after the time
out, then they would be required to login again but the login code
does a check for an active cookie and not a session and allows the
user to access the site apparently creating a new session.
I hope this explanation is clear enough for someone to give me some
ideas about how to go about solving this. ...
If you're using sessions, there's no need for the cookie. If you must,
try setting the timeout value of your cookie to the same amount as the
timeout for the PHP sesssion id. Example:
setcookie('somesessionid','MrX-a8g238goenrgarPassHash',time()+60*30);
The example above sets a cookie to expire after (current time + 60
seconds * 30 minutes).
The cookie expires at the designated absolute time and may fail if the
user has the time/date on their computer set incorrectly.
~Rolan
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
