I'm looking for a recommended way to time limit sessions. I'd like to limit them both application wide and user. Would it be appropriate (secure/best practice) to use "session.gc_maxlifetime" and/or "session.cache_expire"?
Many thanks M
coopster
1:07 pm on Aug 22, 2006 (gmt 0)
Strict management of sessions will require you to either set garbage collection (gc) to be 100% or on every invocation of session usage, otherwise you will need to manage session timeouts yourself by updating a variable with a timestamp and compare that upon each session_start().
