Using PHP 4.1.2 on Apache 1.3.23 in Mandrake 8.1 (running kernel 2.4).
The gist of it is, I set session variables via $_SESSION... but they never seem to expire!!
I've set session.cookie_lifetime and session.gc_maxlifetime = to 300 (5 minutes, for testing) in my php.ini file... but no good.
I'm merely using a simple isset() to see if $_SESSION[user] is set. If I open my browser and try to access a page that requires a login, it's a no go (which is correct). However, after I log in, I can come back hours later, access a page that requires a login, and it will grant me access to the page as the user I had previously logged in as. The only way to have it "expire" is to close all browser windows (for that browser process).
If anybody can give me any insight on what I'm doing wrong it would be greatly appreciated.
Thanks,
jc
