[PHP] Re: Some questions.

Mon, 12 Aug 2002 13:08:11 -0700 

Perhaps this might help: http://www.php.net/manual/en/function.ini-set.php


      session.save_path "/tmp" PHP_INI_ALL
      session.name "PHPSESSID" PHP_INI_ALL
      session.save_handler "files" PHP_INI_ALL
      session.auto_start "0" PHP_INI_ALL
      session.gc_probability "1" PHP_INI_ALL
      session.gc_maxlifetime "1440" PHP_INI_ALL
      session.serialize_handler "php" PHP_INI_ALL
      session.cookie_lifetime "0" PHP_INI_ALL
      session.cookie_path "/" PHP_INI_ALL
      session.cookie_domain "" PHP_INI_ALL
      session.cookie_secure "" PHP_INI_ALL
      session.use_cookies "1" PHP_INI_ALL
      session.use_only_cookies "0" PHP_INI_ALL
      session.referer_check "" PHP_INI_ALL
      session.entropy_file "" PHP_INI_ALL
      session.entropy_length "0" PHP_INI_ALL
      session.cache_limiter "nocache" PHP_INI_ALL
      session.cache_expire "180" PHP_INI_ALL
      session.use_trans_sid "1" PHP_INI_ALL
      session.encode_sources "globals track"



Use ini_set to modify these settings...

Regards,
Mitja



"Mintbaggio" <[EMAIL PROTECTED]> wrote in message
000801c24227$b4d1c7c0$[EMAIL PROTECTED]">news:000801c24227$b4d1c7c0$[EMAIL PROTECTED]...
> Hello
> I'm a Chinese university student,I want to ask some questions about
session.
> These days I'm build a website for my university with PHP, But I meet a
> question when I develop the part of User Management: After I have log out
> from a user page(I use "session_unset()" and "session_destroy()"),I can
> return to the page again by click the button "Back"to that pagea and
refresh
> it, the user page can be shown again. This is unsafe.
> So I want to ask that the function "session_unset" and "session_destroy()"
will
> destroy session immediately or there is a life-time for session. In my
memory,
> I think that there is a life-time for session and the life-time can be
configured.
>
> Another question:
> If the user log page is "main.php",the page for authenticate the user is
"login.php"
> I use session to store the infomation of user such as :
> session_register($userid);
> But if the variables in the session are unfortunately be known by somebody
else.
> and he can visit others' information bye the
url:"login.php?userid=***",how can solve
> these problem? use a ugly but difficult session varable?
>
> Just two questions.
> Thanks a lot.
> Wish back soon!
> Best wishes
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to