kjohnson@xxxxxxxxxxx wrote: > I have researched a few ways to set a "hard" session timeout on a shared > server. Does anyone have comments on the advantages/disadvantages of each > approach? Are there other alternatives? > > 1. Override the php.ini settings in an .htaccess file: > > php_value session.gc_maxlifetime 900 > php_value session.gc_divisor 1 > php_value session.gc_probability 1 > > 2. Put a "previous request" timestamp into the session, and compare it to > the current timestamp on a request. The advantage is that you can then put your time-out into the database as a config option, and play with it as you see fit in an admin section slightly easier then editing .htaccess, or MUCH easier for, say, a client. Gives you a bit more flexibility and control over your sessions. > 3. Set a <meta> refresh to a "kill session" script. Not real reliable, but can be useful for those browsers that do it. > Will there be a performance hit for all applications on the server under > the first method? No. Well, sorta. Two Facts: 1. If you turn on .htaccess in httpd.conf, it slows Apache down, since it needs to hit the hard drive to find if you have .htaccess in every directory up to the DocumentRoot 2. What you set in .htaccess applies to all directories *BELOW* (and including) the .htaccess file. So it would affect the applications installed in descendent-directories of the directory containing the .htaccess -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
