[FX.php List] Strange session variable behavior

[Bob Patin]

Hi,

I'll take a look at that; I wonder if one of the OS X Server updates  
updated PHP and over-wrote the setting.

The login is very simple, just a search in the database; I don't  
write to cookies for this particular site yet, although I'll add that  
at some point (still early in the development). So all I'm doing is  
saying, "if the record's found, set the session variable to a  
string." So I would assume that, by closing the browser, I'd dump the  
session and that would be the end of it. Naturally, I'm using  
"session_start()" at the top of each page.

I just did a phpinfo() and see that session.cookie_lifetime is set to  
0; session cache expire is set to 180, which I assume is minutes.  
However, this morning, when I looked at the site, it had been hours  
since the previous visit, and still the session persisted...

I'm going to restart the server and see if that helps.

incidentally, this is PHP 4.4.4.

Bob


On Apr 1, 2007, at 11:45 AM, Alex Gates wrote:

> Hi Bob-
>
> Do a phpinfo();
>
> Is session.use_cookies ON?
> Is session.cookie_lifetime 0?
>
> From Dan's link:
>
> If you propagate the session ID via cookies, the default cookie  
> lifetime is 0, meaning that the cookie is deleted as soon as the  
> user closes the browser. You can influence the cookie's lifetime  
> with the configuration value lifetime.
>
> Even so - that wouldn't explain why you can access the "logged in"  
> pages from a completely different browser that you haven't logged  
> in with.
> Are you sure you are starting your session at the top of the page?
>
> If you want to post your code you use to login and check for the  
> session, I'd look over it.
>
> Alex

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20070401/d32ebd5b/attachment-0001.html