[FX.php List] Strange session variable behavior

Alex Gates alex at gandrpublishing.com
Sun Apr 1 10:45:30 MDT 2007 

Hi Bob-

Do a phpinfo();

Is session.use_cookies ON?
Is session.cookie_lifetime 0?

 From Dan's link:

If you propagate the session ID via cookies, the default cookie lifetime 
is 0, meaning that the cookie is deleted as soon as the user closes the 
browser. You can influence the cookie's lifetime with the configuration 
value lifetime.

Even so - that wouldn't explain why you can access the "logged in" pages 
from a completely different browser that you haven't logged in with.
Are you sure you are starting your session at the top of the page?

If you want to post your code you use to login and check for the 
session, I'd look over it.

Alex

Bob Patin wrote:
> Dan,
> 
> So my understanding of session variables has been wrong all this time I 
> guess...
> 
> I thought that if I set a session variable  to "Y" for example, then 
> closed my browser, when I returned, this session variable would have no 
> value yet because I hadn't set it yet in this session.
> 
>  From reading the article you referenced I still am not sure how to 
> ensure that a session ends when someone closes their browser. For 
> example, when I develop a cart, I have always used session variables, 
> and they've worked fine; when someone closes their browser, their cart 
> is emptied, no matter how many items were in it.
> 
> Why, in this current project, does my session variable persist? All I've 
> done is to set it in a previous visit...
> 
> To make it even stranger, I wrote a test page with this on it:
> 
> session_start();
> session_destroy();
> 
> I went to that page, then went BACK to my other page to see the state of 
> my session, and I'm still being told that my session variable has a value.
> 
> Is this something goofy in PHP? Should I restart my server?? :)
> 
> Bob
> 
> 
> On Apr 1, 2007, at 10:51 AM, DC wrote:
> 
>> this:
>>
>> http://www.google.com/search?q=session+variable+browser+close+PHP+tutorial&btnG=Search&hl=en&safe=off 
>>
>>
>> resulted in this:
>>
>> http://devzone.zend.com/node/view/id/1312
>>
>> dan
>>
>>
>> On Apr 1, 2007, at 11:44 AM, Bob Patin wrote:
>>
>>> I'm writing a site where I'm using a session variable to login users 
>>> and either allow or deny access to certain pages in the site.
>>>
>>> When I come back to the site, after closing my browser, my session 
>>> variables are still set; I thought that closing my browser killed any 
>>> session variables--isn't this the case?
>>>
>>> If so, then why doesn't my session variable get dumped when I close 
>>> my browser? For that matter, when I went to a 2nd browser (Firefox), 
>>> I was STILL able to retrieve the session variable...
>>>
>>> Correct me here if I'm wrong; should I not be able to close my 
>>> browser to close out any session?
>>>
>>> Thanks,
>>>
>>> Bob Patin
>>> Longterm Solutions
>>> bob at longtermsolutions.com
>>> 615-333-6858
>>> http://www.longtermsolutions.com
>>>
>>>   CONTACT US VIA INSTANT MESSAGING:
>>>      AIM or iChat: longterm1954
>>>      Yahoo: longterm_solutions
>>>      MSN: tech at longtermsolutions.com
>>>      ICQ: 159333060
>>>
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
> 
> 
>

More information about the FX.php_List mailing list