On Tue, 7 Dec 2004 14:20:58 +0100 (CET) Sascha Schumann <[EMAIL PROTECTED]> wrote:
> > setting session.cookie_lifetime to non-zero value leads to > > session invalidation in that time, even if the session is > > active and the user is still working with it. > > Your change affected the code path of standard session > cookies which don't have an explicit expiry date. There is > no point in sending session cookies (=expiring when browser > is closed) on every request. > > The proper way to handle explicit session expiry dates is the > following: Encode the timestamp of the expiry date as part of > the cookie. Check for a certain criteria upon each request. > If that criteria is met, update the cookie on the client > side. Common criterias: > > - one hour/day/week to expiration > - half the lifetime of the cookie has passed > > Using no criteria at all is not a suitable way to deal with > users from my POV. ok then. I'll revert it now and will send you more suitable patch in the evening. -- Wbr, Antony Dovgal aka tony2001 [EMAIL PROTECTED] || [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
