On Fri, 22 Nov 2002 14:57:23 +0900, you wrote: [...] >1- the user logs in >2- bookmarks the page >3- closes the browser >4- opens the browser >5- goes to the saved bookmark page > >He has access to the page. I.e. the session did not close/terminate when >he closed his browser ...
I 'm not where I can test this right now, but if a session is older than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I bookmark a page on your site and then come back 3 hours later passing an old SID, shouldn't that session have expired on the server by that time, in which case the session vars would be empty and you could kick me back to your login page? I personally use a custom session handler (MySql based, which I got from www.phpbuilder.com) and I believe this is how my site behaves, but I'm not for certain. I'll try to test it out and see... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
