Graham Cossey schrieb:
[snip]
If you are right, then this is a severe design bug.
Depends on your point of view. It is a sideeffect of loading current
session (and thus accessing it) before the session gc is called.
So the question is, should the session module give up on current session
just because it should have been garbaged, even if the session file
still exists?
Apologies if I'm way off here, but I'm relatively new to PHP.
Surely it should be down to settings in php.ini, not a point of view or the
probability of the garbage collection possibly having run when a new session
is started. Why can there not be a session_timeout value that is adhered to?
Would it not also save everyone from writing their own code to determine
whether or not they should be using the session that PHP is making
available?
If my site is accessed by few users and I have a session 'timeout' of
30minutes specified, if Bob leaves his PC at 10:00 I would expect that if he
returned at 10:40, and no-one else had accessed the system, his session
would have expired and he would need to re-authenticate to create a new
session.
Short of writing custom session handlers, the current arrangement seems
somewhat haphazard to me.
Those are my current thoughts anyway.
Graham
Graham,
that's also my point.
Unfortunately this isn't happening.
Bob can work on as he never left his PC.
Hendrik
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php