I just took a thorough look at the Session Handling section in the manual. I couldn't even find any mention of non-cookie session lifetimes. I get the impression they either die on broswer close or have a fixed lifetime that cannot be changed. Hopefully someone can prove me wrong, if only for amusement value. ;)It works something like this:
Used goes to www.foobar.com, session ID is 1
Used clicks on link to foo.php, which has been automagically changed to foo.php?PHPSESSID=1
PHP sees the PHPSESSID GET variable, and uses session ID 1.
User goes to some other site, then comes back to foobar.com by typing it into their address bar
PHP has no way to know the session ID since the user didn't add ?PHPSESSID=1 to the URL, so it uses session ID 2 with new session data
-- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
