--- Jean-Christian Imbeault <[EMAIL PROTECTED]> wrote:
> This now hands me a dilemma ... I was building my site
> conservatively, i.e. assuming the user would have
> cookies turned off. And so I am making heavy use of
> session variables. *But* I had thought that if the
> user had cookies enabled
On Sun, 24 Nov 2002 17:01:21 +0900, you wrote:
>Michael Sims wrote:
>>
>> Then I suppose it's just an added feature of the session handler I am
>> using. Maybe the OP should give it a shot, as I use it and I
>> definitely don't have a problem with expired sessions
>
>I'll think about writing my
At 14:15 24.11.2002, Jean-Christian Imbeault said:
[snip]
>Oh, this site is just your regular, run-of-the-mill, amazon.com copy.
>
>For each open session I store up to 20 variables. It's not a lot, but
>each access to a script means a disk read/write so they
At 13:10 24.11.2002, Jean-Christian Imbeault said:
[snip]
>This now hands me a dilemma ... I was building my site conservatively,
>i.e. assuming the user would have cookies turned off. And so I am making
>heavy use of session variables. *But* I had thought
Justin French wrote:
What sort of stuff are you storing in the session that your are worried
about with too many writes?
Oh, this site is just your regular, run-of-the-mill, amazon.com copy.
For each open session I store up to 20 variables. It's not a lot, but
each access to a script means a
on 24/11/02 11:10 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:
> This now hands me a dilemma ... I was building my site conservatively,
> i.e. assuming the user would have cookies turned off. And so I am making
> heavy use of session variables. *But* I had thought that if the user had
>
Ernest E Vogelsinger wrote:
No, that's a misunderstanding. Session var's are never passed to and from
the client, only the session _name_ is passed, either via a cookie
(PHPSESSIONID) or via trans-sid href encoding.
Thanks for clearing that up! I hadn't realized that only the session
name was
At 08:56 24.11.2002, Jean-Christian Imbeault said:
[snip]
>session.gc_maxlifetime does set the lifetime of a session, but a session
>will not be cleaned by PHP until session.gc_probability has been hit.
>Again, if my understanding is correct, PHP doesn't au
At 08:47 24.11.2002, Jean-Christian Imbeault said:
[snip]
>Ernest E Vogelsinger wrote:
> >
>> if ($_COOKIE[$_SESSION['cookie_name']] == $_SESSION['cookie_token']) {
>
>Ok, please forgive my ignorance, but in PHP isn't $_COOKIES the same as
>$_SESSION?. I
Michael Sims wrote:
Then I suppose it's just an added feature of the session handler I am
using. Maybe the OP should give it a shot, as I use it and I
definitely don't have a problem with expired sessions
I'll think about writing my own session handler as it can be quite
useful. However I nee
Michael Sims wrote:
I 'm not where I can test this right now, but if a session is older
than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I
bookmark a page on your site and then come back 3 hours later passing
an old SID, shouldn't that session have expired on the server by that
time
Ernest E Vogelsinger wrote:
>
if ($_COOKIE[$_SESSION['cookie_name']] == $_SESSION['cookie_token']) {
Ok, please forgive my ignorance, but in PHP isn't $_COOKIES the same as
$_SESSION?. I thought it was if the user had cookies turned off (and
even if the user had cookies turned on come to t
On Fri, 22 Nov 2002 15:08:31 +0100, you wrote:
>I don't think the session handler checks session expiry - only gc does. I
>haven't checked the PHP sources yet, but I found out that on my development
>server (where we definetely don't have a lot of traffic ;->) session files
>can persist over night
Jean,
This is a common challenge with a pretty easy solution.
First, in case you are curious why the session can be reestablished,
the bookmarked page likely has the session identifier in the query
string. Thus, it is unnecessary for the browser to send a cookie,
because it is sending the session
At 15:08 22.11.2002, Michael Sims spoke out and said:
[snip]
>I 'm not where I can test this right now, but if a session is older
>than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I
>bookmark a page on your site and then come back 3 hours later
On Fri, 22 Nov 2002 14:57:23 +0900, you wrote:
[...]
>1- the user logs in
>2- bookmarks the page
>3- closes the browser
>4- opens the browser
>5- goes to the saved bookmark page
>
>He has access to the page. I.e. the session did not close/terminate when
>he closed his browser ...
I 'm not where
On Friday 22 November 2002 16:44, Jean-Christian Imbeault wrote:
> Jason Wong wrote:
> > If you set it 100, then _every_ request in which sessions are used, PHP
> > has to go through all the session files (by default stored in /tmp) and
> > check whether they have expired. If you have a busy server
At 09:28 22.11.2002, Jean-Christian Imbeault said:
[snip]
>> This is controlled by the session.gc_probability value in your INI file
>
>I know I can probably find this in the documentation somewhere but ...
Forgot to add this (sorry):
http://www.php.net/man
At 09:25 22.11.2002, Jean-Christian Imbeault said:
[snip]
>> What I usually do (I also have session cookies switched off) is to send the
>> user a session cookie when he logs in. This way I can use cookieless
>> sessions, but when it comes to sensitive areas
At 09:28 22.11.2002, Jean-Christian Imbeault said:
[snip]
>> This is controlled by the session.gc_probability value in your INI file
>
>I know I can probably find this in the documentation somewhere but ...
>how do I set the expire time on a session?
The se
Jason Wong wrote:
If you set it 100, then _every_ request in which sessions are used, PHP has to
go through all the session files (by default stored in /tmp) and check
whether they have expired. If you have a busy server you could have thousands
of session files. Checking thousands of files at
On Friday 22 November 2002 16:28, Jean-Christian Imbeault wrote:
> Ernest E Vogelsinger wrote:
> > This is controlled by the session.gc_probability value in your INI file
>
> I know I can probably find this in the documentation somewhere but ...
> how do I set the expire time on a session?
>
> > In
Ernest E Vogelsinger wrote:
This is controlled by the session.gc_probability value in your INI file
I know I can probably find this in the documentation somewhere but ...
how do I set the expire time on a session?
Increasing this value will make this
process more often, setting it to 100 will
Ernest E Vogelsinger wrote:
Definetely yes.
After reading Justin's post I realized that.
What I usually do (I also have session cookies switched off) is to send the
user a session cookie when he logs in. This way I can use cookieless
sessions, but when it comes to sensitive areas I can be sur
At 08:56 22.11.2002, Justin French said:
[snip]
>PHP cannot possibly know when a user closes a window... PHP regularly
>"cleans out the garbage" of old abandoned sessions, but you cannot expect
>this instantly...
This is controlled by the session.gc_probabil
Justin French wrote:
PHP cannot possibly know when a user closes a window... PHP regularly
"cleans out the garbage" of old abandoned sessions, but you cannot expect
this instantly...
True ... but the browser does.
I think I would not have this problem using cookies since the cookie
would expi
At 08:02 22.11.2002, Jean-Christian Imbeault said:
[snip]
>Is it because I am putting the SID in the URL? I haven't tested with
>cookies yet as I want to get my site working without cookies first.
Definetely yes.
The PHP session is (with the default setup)
PHP cannot possibly know when a user closes a window... PHP regularly
"cleans out the garbage" of old abandoned sessions, but you cannot expect
this instantly...
the only way to kill a session is to kill it on the server with
session_destroy(), which will require the user to access a "logout" scri
Justin French wrote:
I know that for IE Mac users (not sure about NN7) it's not until you QUIT
the application that the session is "terminated"...
I *think* you'll find something similar in Windows... perhaps when ALL open
browser windows are closed and/or the browser app is QUIT, the session wi
on 22/11/02 4:57 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:
> I've made a site in PHP and on some pages a user needs to log in first
> before gaining access to the page. (i.e. there is a log in page).
>
> Once the user has logged in I keep that fact in a session variable so
> that he
30 matches
Mail list logo
