--- Evan Nemerson <[EMAIL PROTECTED]> wrote:
> Well you can change the default from 30 mins to something larger,
> but that has security consequences...

I am speaking to myself as much as anyone, but we should all try to develop the habit of explaining any such "consequences" that we mention. To do otherwise doesn't really educate the many people who read these responses, whether now or in an archive. It only adds to the mystery of certain topics (such as security).

> Sessions are kind of a hack over HTTP, which is pretty much a
> stateless protocol. There's Connection: keep-alive, but not every
> browser supports it, and I don't think there's a way to hook into it
> from PHP.

Well, persistent connections aren't really intended to provide stateful transactions (and they don't). My favorite example to use is Google, because there are two resources that make up the front page: the HTML and the logo. With previous versions of HTTP, unless a persistent connection was specifically requested, a separate TCP connection was established for each transaction. This meant two TCP connections would be created and destroyed just to render Google. Imagine more elaborate sites, and you can see how this can really cause performance problems.

By making persistent connections the default (HTTP/1.1), a single TCP connection can be established, and until all necessary resources are received, the same connection is used. This makes much more sense. The Connection header allows you to specify the desired behavior.

Oh, and every major browser I am aware of does support it, but hopefully you can now see that it is not associated with sessions or even stateful transactions.

Hope that helps.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp
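
Added example, not part of the original message: a local HTTP/1.1 server and client showing that requests sharing one persistent TCP connection carry no session state, while a session cookie carries state across separate connections. It is written in Python so that server and client fit in one runnable file; `Handler`, `fetch`, `demo` and the session id `abc123` are hypothetical names constructed for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SESSIONS = {}  # toy in-memory store: session id -> requests seen

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # persistent connections are the default

    def do_GET(self):
        # Toy cookie parsing: state is keyed on the cookie, never on the socket.
        sid = self.headers.get("Cookie", "").partition("sid=")[2]
        if sid in SESSIONS:
            SESSIONS[sid] += 1
        count = SESSIONS.get(sid, 0)
        # Body is "<client TCP source port> <requests counted in session>".
        body = f"{self.client_address[1]} {count}".encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(conn, headers=None):
    conn.request("GET", "/", headers=headers or {})
    port, count = conn.getresponse().read().decode().split()
    return int(port), int(count)

def demo():
    SESSIONS["abc123"] = 0  # constructed session id, issued out of band
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    cookie = {"Cookie": "sid=abc123"}
    try:
        keep = http.client.HTTPConnection("127.0.0.1", server.server_port)
        a = fetch(keep)           # same TCP connection, no cookie
        b = fetch(keep)           # still the same connection, still no state
        c = fetch(keep, cookie)   # cookie supplies the session
        other = http.client.HTTPConnection("127.0.0.1", server.server_port)
        d = fetch(other, cookie)  # new TCP connection, same session
        keep.close()
        other.close()
    finally:
        server.shutdown()
        server.server_close()
    return a, b, c, d

if __name__ == "__main__":
    print(demo())
```
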