On Tue, Jan 13, 2009 at 5:08 PM, Nathan Rixham <nrixham@xxxxxxxxx> wrote: > Frank Stanovcak wrote: >> >> So from everything I've read there is no real way to assure a session >> timeout with out timestamping it myself and dealing with it in code by doing >> a time compare. >> >> bummer. > > you're probably storing the session in a session cookie (which is default) > so session.cookie_lifetime will come in to play; you've got it set to 0 so > no session will timeout until the browser controlling the session is closed > and restarted.. try changing it to 30 as well then you should find all > sessions time out after 30 seconds of in activity > I was under the impression that setting session.cookie_lifetime to something greater than 0 had a few repercussions: 1) The session cookie is written to disk rather than being stored only in memory. 2) Because the cookie now has a lifetime, it is still valid even if the browser closes and reopens within the cookie_lifetime. Neither of these are something I want. Because of that (and the occasional need to persist sessions on clustered web servers) I usually write my own session save handler. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php