The php.ini directive "session.gc_maxlifetime"?? php.net/session is worth a read
Justin French on 16/08/02 1:51 AM, mintbaggio ([EMAIL PROTECTED]) wrote: > Thanks a lot. > The other day I have talked with one of my classmates and say that > there is nearly no essential differences between session and url > variables, after I read your answer I know that it does have. > I have tried your way of using session, it does make sense in differentiate > between session and url variables. > > I still can't find whether there is a life-time for session. Could you help > me? > Best Wishes! > > ----- Original Message ----- > From: "SHEETS,JASON (Non-HP-Boise,ex1)" <[EMAIL PROTECTED]> > To: "'mintbaggio'" <[EMAIL PROTECTED]> > Sent: Tuesday, August 13, 2002 3:27 AM > Subject: RE: [PHP] Some questions. > > >> Turn off register globals and use the superglobals, if this doesn't make >> sense refer to the PHP manual available at http://www.php.net/manual. >> >> Basically as of PHP 4.1 all session variables are accessible by using >> $_SESSION['name'] for example. >> >> Example1.php >> >> <?php >> session_start(); // start session using session start >> $_SESSION['name'] = 'Jason Sheets'; // create and register a >> variable >> ?> >> >> Example2.php (this file accesses the variable from example1) >> >> <?php >> session_start(); // start session using session start >> print 'Your name is: ' . $_SESSION['name'] . '<br>'; // print line >> containing variable >> >> >> When you have register globals off or you use superglobals post and get >> information will not be propagated to the session array, meaning that even >> if the user sets loggedin=1 in their url when you check if >> $_SESSION['loggedin'] == 1 it will be false unless they logged in. >> >> Jason >> >> >> >> -----Original Message----- >> From: mintbaggio [mailto:[EMAIL PROTECTED]] >> Sent: Monday, August 12, 2002 11:43 AM >> To: [EMAIL PROTECTED] >> Subject: [PHP] Some questions. >> >> Hello >> I'm a Chinese university student,I want to ask some questions about session. >> These days I'm build a website for my university with PHP, But I meet a >> question when I develop the part of User Management: After I have log out >> from a user page(I use "session_unset()" and "session_destroy()"),I can >> return to the page again by click the button "Back"to that pagea and refresh >> >> it, the user page can be shown again. This is unsafe. >> So I want to ask that the function "session_unset" and "session_destroy()" >> will >> destroy session immediately or there is a life-time for session. In my >> memory, >> I think that there is a life-time for session and the life-time can be >> configured. >> >> Another question: >> If the user log page is "main.php",the page for authenticate the user is >> "login.php" >> I use session to store the infomation of user such as : >> session_register($userid); >> But if the variables in the session are unfortunately be known by somebody >> else. >> and he can visit others' information bye the url:"login.php?userid=***",how >> can solve >> these problem? use a ugly but difficult session varable? >> >> Just two questions. >> Thanks a lot. >> Wish back soon! >> Best wishes >> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
