RE: Sessions not destroyed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[snip]
> >
> > If you are right, then this is a severe design bug.
>
> Depends on your point of view. It is a sideeffect of loading current
> session (and thus accessing it) before the session gc is called.
>
> So the question is, should the session module give up on current session
> just because it should have been garbaged, even if the session file
> still exists?

Apologies if I'm way off here, but I'm relatively new to PHP.

Surely it should be down to settings in php.ini, not a point of view or the
probability of the garbage collection possibly having run when a new session
is started. Why can there not be a session_timeout value that is adhered to?
Would it not also save everyone from writing their own code to determine
whether or not they should be using the session that PHP is making
available?

If my site is accessed by few users and I have a session 'timeout' of
30minutes specified, if Bob leaves his PC at 10:00 I would expect that if he
returned at 10:40, and no-one else had accessed the system, his session
would have expired and he would need to re-authenticate to create a new
session.

Short of writing custom session handlers, the current arrangement seems
somewhat haphazard to me.

Those are my current thoughts anyway.

Graham

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux