From: "Ng Hwee Hwee" <hhwee@xxxxxxxxxxx> > okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. > > so, should I change it to something like 43,200 (12hours*60mins*60sec)?? > for example, one person works a maximun of 12 hours a day. But does > it mean that by lengthening this value, the session will still be kept even > if the user closes his browser?? Setting your gc_maxlifetime to that means that the server will not delete the users session data files until they are over 43200 seconds old, meaning the user hasn't requested a page in over 12 hours. The session does not exist past the point of closing the browser unless you increase the lifetime of the session cookie itself. I would recommend you just leave it at zero, though, meaning it only persists for as long as the browser window is open. The longer you make the sessions last, the easier it is for someone to hijack them. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
