I'm looking for help trying to do away with an error I get from time to time in my access control session logic. Here is my session setup from the php.ini:
session.save_handler = files session.save_path = /tmp session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = gsfc.nasa.gov session.cookie_secure = On session.serialize_handler = php session.gc_probability = 100 session.gc_maxlifetime = 1800 session.bug_compat_42 = 0 session.bug_compat_warn = 1 session.referer_check = session.entropy_length = 32 session.entropy_file = /dev/urandom session.cache_limiter = session.cache_expire = 180 session.use_trans_sid = 0
Now, to my understanding, with this setup, the session cookie should be good for as long as the browser is open, the garbage collector will be run on any session startup, and a session should be considered garbage after 3 hours. My problem is that these settings don't always seem to be followed. Even after sitting for only 60 minutes sometimes, if I click on the logout button in my interface (which executes the following code), I get a session_destroy error, about it the session being called for destruction not being found....
if ((!empty($_GET['action'])) && ($_GET['action'] == "logout")) {
session_unset();
if (!empty($_SESSION['logged_in'])) {
session_destroy();
}
}The only other code is simple HTML output. The session variable "logged_in" is set upon successful login initially. My rationale for that variable is that if the session file gets removed via the garbage collector, then that check above should fail, and the session_destroy function won't be called. But this doesn't seem to ever work. Is there anything I'm missing here? Any help would be appreciated. This is all running on Apache 1.3.29, using Redhat 8 with all current updates, and PHP 4.3.4.
Thanks in advance for any help you may have.
-------
Tim
[EMAIL PROTECTED]
