Forum Moderators: coopster
I've got a couple of questions about how I should set it up.
Currently php.ini has everything set to default.
My first question is what happens when the user does not have cookies turned on. My settings are below but when I set my browser not to accept cookies the system falls over - these are my settings:
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
What is the use_only_cookies setting for? I would expect this to kick in if the browser doesn't accept cookies.
I track the cookie in a DB so I can manually clear the shopping basket for sessions that have been idle for an hour.
My garbage collection is set to the default:
session.gc_maxlifetime 1440 1440
Does this mean that the system will clean up sessions that were started 24 minutes ago, or sessions that have been idle for 24 minutes?
Also my cookie lifetime is 0 so until the browser is closed, this seems odd. What happens if the user comes back to the session after it has been cleaned up but with a cookie that still points to it - are all session variables destroyed?
Any advice would be appreciated, I've searched but I can't find any definitive answers.
Cheers,
Lee
Many of the answers to the questions here are found right in the PHP Session Handling Functions [php.net] pages. It is the first source for understanding how it all works. Have a read through those docs and see if you still have questions.
1. Using cookies
2. URL rewriting, by appending a unique SESSION id at the end of the URL.
Due to backward compatibility, the default value of session.use_only_cookies is 0. URL rewriting is NOT secure due to attacks involving passing session ids in URLs. You should set it to 1. Btw, I guess the latest version of the PHP engine shall use cookies only by default for session handling.
[edited by: coopster at 5:35 pm (utc) on Sep. 17, 2005]
[edit reason] removed url per TOS [webmasterworld.com] [/edit]
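An added example, not written by any poster in this thread: one way to apply the cookie-only advice above and to enforce the one-hour idle limit in application code, since PHP's session garbage collection only runs probabilistically and cannot be relied on for an exact cut-off. It assumes PHP 7.3 or later and a site served over HTTPS; `IDLE_LIMIT`, the `last_seen` key and the function names are chosen for this example.

```php
<?php
// Added example: cookie-only sessions with an application-level idle timeout.
// IDLE_LIMIT, 'last_seen' and both function names are hypothetical.

const IDLE_LIMIT = 3600; // one hour idle, matching the basket clean-up in the thread

function start_cookie_only_session(): void
{
    // These must be set before session_start().
    ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the id
    ini_set('session.use_strict_mode', '1');  // refuse ids the server did not issue
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);

    session_set_cookie_params([
        'lifetime' => 0,      // cookie lives until the browser is closed
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Returns false when the session had been idle too long and was reset.
function enforce_idle_timeout(int $now): bool
{
    $lastSeen = $_SESSION['last_seen'] ?? null;
    if ($lastSeen !== null && ($now - $lastSeen) > IDLE_LIMIT) {
        $_SESSION = [];              // drop the stale basket and other data
        session_regenerate_id(true); // new id, old session storage deleted
        $_SESSION['last_seen'] = $now;
        return false;
    }
    $_SESSION['last_seen'] = $now;   // every request counts as activity
    return true;
}

start_cookie_only_session();
if (!enforce_idle_timeout(time())) {
    // The session expired: the visitor starts again with an empty basket.
}
```

With these settings a browser that refuses cookies gets a fresh, empty session on every request, so the application should detect that case and tell the visitor that cookies are required.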