There have been threads like this before, where the question was really "why are Cake sessions persisting even after closing and re- opening the browser", and the answer is that you have changed the
define('CAKE_SECURITY', 'high'); in your /app/config/core.php to something other than 'high'. In either 'medium' or 'low' the Cake session id is stored in a cookie that does not expire when the browser is closed. Set it to 'high' and this cookie will expire, and your browser will not have the same session. Wayne's answer is still correct though - unless a user logs out your server cannot know to invalidate their session, which is why they have a timeout limit. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---