At 15:08 22.11.2002, Michael Sims spoke out and said:
--------------------[snip]--------------------
>I 'm not where I can test this right now, but if a session is older
>than session.gc_maxlifetime, isn't it invalid anyway? I.E. if I
>bookmark a page on your site and then come back 3 hours later passing
>an old SID, shouldn't that session have expired on the server by that
>time, in which case the session vars would be empty and you could kick
>me back to your login page?
--------------------[snip]--------------------
I don't think the session handler checks session expiry - only gc does. I
haven't checked the PHP sources yet, but I found out that on my development
server (where we definetely don't have a lot of traffic ;->) session files
can persist over night, and the session is still available in the
morning... only when the gc_probability is hit (i.e. at the 100th access),
the file gets removed. At least with my PHP (4.2.2, RH 7.2).
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
