Hi Brad, yes this is one possibility, but since i use https, i should not be afraid by storing data in $_SESSION variables. So i see that solution as a heavy one. Is there another possibility ? thanks, Al. On 3/21/07, Brad Bonkoski <bbonkoski@xxxxxxxxxxxxxx> wrote:
Alain Roger wrote: > Hi, > > I would like to know what is the best solution for my problem. > > When a user is connected to a https page and a session is open, if user > close his browser, the session ID is still active in the browser > "history". > It means that next time when user will start his browser, the browser > will > re-use the same session ID and will work with php pages without any > problem. > > I was thinking to use cookie to solve this issue, but what should i do > when > user browser refuse cookies ? > > thanks a lot, > Why not store the session data in a database and set an expiration for that session, so even if the session data is preserved it would be expired, and thus force the user to re-authenticate or reload their session variables. -B
-- Alain ------------------------------------ Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
