"Ng Hwee Hwee" <hhwee@xxxxxxxxxxx> wrote in message news:00dd01c42c46$30e76360$800101df@xxxxxxxxxxx > Hi Torsten, > > Thank you! Thank you! > > just would like to clarify what do you mean by > > >The session life time itself is not critical - the life time of the session > > DATA is. Which means you should unset all session data after the desired > > period of time. > > does it mean that if I set 'session.gc_maxlifetime' = 43200 and then make > sure my user logoff, where my logoff script unset all the sessions, then I'm > on a safe track? I'm designing an intranet, so I can instruct my staff to > logoff and not just close the browser. Will this be okay? I'm not familar > with PEAR yet, but surely would like to learn more about it in future!! If you unset all session data you should be safe, but it's better to REALLY destroy all session data with session_destroy() - take a look at the manual: http://de.php.net/session_destroy This should be called when your users logout. The is the preferred way to end the session. Your users should not just close the browser window - the session will still be active then and all session data would still be available if someone gets hold of the session id. After the logout you should redirect to the login screen WITHOUT forwarding the session id so that a new session is started. I'm not familiar with PEAR::Auth nor PEAR::LiveUser - take a look at it and decide if it's what you want. I'm using the PEAR::HTTP_Session package to control the session data and have my own Auth class to check if a user is logged in, the session is expired and so on. Regards, Torsten > > look forward to your reply! > > thanks again, > Hwee > > ----- Original Message ----- > From: "Torsten Roehr" <roehr@xxxxxxxxxxx> > To: <php-db@xxxxxxxxxxxxx> > Sent: Tuesday, April 27, 2004 6:48 PM > Subject: Re: Session > > > > Hi Hwee, > > > > of course you could set it to 43200 seonds if you want. The > > session.gc_probability value should stay 1 which means that the session > data > > is deleted with a probability of 1 percent. > > > > The session life time itself is not critical - the life time of the > session > > DATA is. Which means you should unset all session data after the desired > > period of time. Maybe it's easier for you to use a ready-made package like > > PEAR::Auth or PEAR::LiveUser: > > > > http://pear.php.net/package/Auth > > http://pear.php.net/package/LiveUser > > > > > > Hope this helps, > > > > Regards, Torsten > > > > > > >>> > > "Ng Hwee Hwee" <hhwee@xxxxxxxxxxx> wrote in message > > news:00d201c42c41$9d3ec710$800101df@xxxxxxxxxxx > > Hi Torsten, > > > > That is a wonderful insight!!! :o) thanxxx! > > > > okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. > > > > so, should I change it to something like 43,200 (12hours*60mins*60sec)?? > for > > example, one person works a maximun of 12 hours a day. But does it mean > that > > by lengthening this value, the session will still be kept even if the user > > closes his browser?? > > > > Please advice! > > > > looking forward to solving this!! > > > > many thanks, > > Hwee > > > > > > ----- Original Message ----- > > From: "Torsten Roehr" <roehr@xxxxxxxxxxx> > > To: <php-db@xxxxxxxxxxxxx> > > Sent: Tuesday, April 27, 2004 6:07 PM > > Subject: Re: Session > > > > > > > "Ng Hwee Hwee" <hhwee@xxxxxxxxxxx> wrote in message > > > news:00ae01c42c33$d9d47430$800101df@xxxxxxxxxxx > > > > thanx Mike, > > > > > > > > i'm sure i have session_start() on all my pages. Why I'm so confident > is > > > > because my session gets unset occassionally and not everytime. i > cannot > > > find > > > > a pattern and so it is not a consistent problem.. it's so > unpredictable! > > > > what could be the problem?? > > > > > > Take alook at this option: > > > > > > ini_set('session.gc_maxlifetime', 3600); // 3600 seconds > > > > > > If you don't set it the standard value is 1440 seconds, then your > session > > > data is deleted based on the garbage probablility. Take a look here: > > > > > > http://de3.php.net/session > > > > > > Look out for "session.gc_maxlifetime" and "session.gc_probability". > > > > > > Regards, Torsten > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Mikael Grön" <emgee@xxxxxxxxxxx> > > > > To: "Ng Hwee Hwee" <hhwee@xxxxxxxxxxx>; <php-db@xxxxxxxxxxxxx> > > > > Sent: Tuesday, April 27, 2004 3:54 PM > > > > Subject: Re: Session > > > > > > > > > > > > > Session objects has nothing to do with weak network connections. > > > > > If your sessions gets un-set, it's most probably because you forgot > > the > > > > > > > > > > session_start(); > > > > > > > > > > command in the beginning of some file that is using sessions. > Without > > > > > that line, no sessions will be neither stored nor read. > > > > > > > > > > Mike > > > > > > > > > > > > > > > On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > > I have a problem with my session variables. I set them using for > > e.g., > > > > > > $_SESSION["user"]=$name; > > > > > > > > > > > > However, because of weak network links, somehow my $_SESSION > > variables > > > > > > get unset. Is there a way to still keep the session variables even > > > > > > though the network is unstable?? i.e. as long as my browser is > open, > > > > > > is there a way to still store my session variables? by the way, > i'm > > > > > > not referring to the session ids, I'm referring to the variables > > that > > > > > > i wanted to session_register(). > > > > > > > > > > > > Thank you. > > > > > > > > > > > > Regards, > > > > > > Hwee > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
