On Sat, May 17, 2008 at 4:22 PM, James Colannino <james@xxxxxxxxxxxxx> wrote: > I'm assuming that a session will last as long as the browser is open (or > until it's explicitly destroyed), correct? Are there any security issues I > should be aware of? Since there's a login, I'd be serving this over SSL, > and the user's password would be stored as an SHA1 hash in the MySQL db. Sessions last as long as they are configured for. You can see these values in the php.ini http://php.net/manual/en/session.configuration.php Security concerns: http://talks.php.net/show/phpworks2004-php-session-security -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php