page.php?PHPSESSID=1

Anon

I don't use cookies.
I call that page in my machine: page.php?PHPSESSID=1
and the count begin to count.
but I close the browser and call that page: page.php?PHPSESSID=1
from other machine and the counter continue with my values

Why the session don't destroy?

page.php:

<?
session_start();
session_register("count");
$count++;
echo "count: $count<br>";
echo "the ssion is: session_id()<br>";
?>

Anon

The Web server has no idea that you've closed the browser. I don't think you'd want your Web browser reporting that sort of event to the sites you have visited.

As I understand it, the session ID will remain valid until it expires (see session.gc_maxlifetime in php.ini) AND the garbage-collection routine "wakes up" (see session.gc_probability).

This is why the session ID is not 1 as in your example, but rather a unique and nonobvious number that was assigned by PHP.

Anon

I am very interested in this issue
I have just posted something else about it

Can't you have javascript close the session on some browser.onClose event?
maybe rederecting the browser to logout.php3, canceling the close event...

Or if you updata a client's cookie every
15 seconds (can we do that!?) and then pick-up some usr_id, last_session_id, last_page_id, seconds_id adn update the database?

shouldn't we check the cookies we are (you are?) accepting everyday while browsing the net and see if they do that this way...specially the 'big ones'...

I just wonder... because i'm sure 'they' have allready managed this a 'long' time ago...

André