Re: Unique, "hard" session timeout on a shared server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



kjohnson@xxxxxxxxxxx wrote:
> I have researched a few ways to set a "hard" session timeout on a shared
> server. Does anyone have comments on the advantages/disadvantages of each
> approach? Are there other alternatives?
>
> 1. Override the php.ini settings in an .htaccess file:
>
> php_value session.gc_maxlifetime 900
> php_value session.gc_divisor 1
> php_value session.gc_probability 1
>
> 2. Put a "previous request" timestamp into the session, and compare it to
> the current timestamp on a request.

The advantage is that you can then put your time-out into the database as
a config option, and play with it as you see fit in an admin section
slightly easier then editing .htaccess, or MUCH easier for, say, a client.

Gives you a bit more flexibility and control over your sessions.

> 3. Set a <meta> refresh to a "kill session" script.

Not real reliable, but can be useful for those browsers that do it.

> Will there be a performance hit for all applications on the server under
> the first method?

No.

Well, sorta.

Two Facts:
1. If you turn on .htaccess in httpd.conf, it slows Apache down, since it
needs to hit the hard drive to find if you have .htaccess in every
directory up to the DocumentRoot

2. What you set in .htaccess applies to all directories *BELOW* (and
including) the .htaccess file.  So it would affect the applications
installed in descendent-directories of the directory containing the
.htaccess

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux