Alain Roger wrote: > Hi, > > I would like to know what is the best solution for my problem. > > When a user is connected to a https page and a session is open, if user > close his browser, the session ID is still active in the browser > "history". > It means that next time when user will start his browser, the browser > will > re-use the same session ID and will work with php pages without any > problem. > > I was thinking to use cookie to solve this issue, but what should i do > when > user browser refuse cookies ? > > thanks a lot, > This seems odd. By default the session cookie expires when the browser is closed. You can change this by changing ini setting session.cookie_lifetime to something other than default value of zero, in number of seconds. I don't believe using HTTPS changes any of this, I have more than one app that use HTTPS for session cookies and have no problems with it persisting after the browser is closed (well, some browsers can do weird things sometimes... you never really know.) If the browser refuses the cookie, sessions won't work anyway. The session key is sent to the browser as a cookie (unless its in the URL...) www.php.net/session/ Take a look at cookie_lifetime and you might like the cache_expire docs on the same page too. Travis Doherty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php