session handler(PHPSESSID)

Anon

Hi,

I have these few setting below on top of my page to handle my session.

ini_alter('session.use_cookies', '0');
ini_alter('session.use_trans_sid', '1');
ini_alter('session.gc_maxlifetime', '21600');
ini_alter('session.gc_probability', '100');
ini_alter('session.cookie_lifetime', '21600');
ini_alter('session.cache_expire','60');

In creating the session, it is fine. The only way i want to destroy the session is via calling the sess_destroy().

What I trying to do is, set the session automatically destory after 1 hour, as same as the the value i set in gc_maxlifetime. However, it didnt' work. Even I close the browser, the session i store at server still valid.

Any advice is very appreaciated.

Thanks
Louis

p/s: my machine is running PHP4.1.0 and Apache 1.3.23, on Redhat 6.2.

[deleted]

You are trying to alter ini values that you cannot alter.

Read http://www.php.net/manual/en/function.ini-set.php for a list of things you can change.

Also, if you set the cookie-lifetime to any value other than zero, the cookie will stay valid for that time, even if you close the browser.
If you set the cookie and the gc_maxlifetime to one hour, then you must wait one full hour before the session is erased. Accessing the session before that time resets the timers and you have to wait another hour.

A note from the annotations: the GC cleans the sessions after starting the session.
So if you are the only user, then the GC will check your session file after you accessed it (and reset it's timers)
Hence it will never timeout.

Anon

Hi Vincent,

I know some of the setting i set via the init_alter is not listed in the references, but as I I set:

ini_alter('session.use_cookies', '0');
ini_alter('session.use_trans_sid', '1');

It work! Because whitout the setting above(in my php.ini, use_cookies is set to '1', and use_trans_sid is set to '0'), my PHPSESSID will empty and will still store cookie on client pc. So I just try with other setting in php.ini. The purpose I use init_alter for these few setting, because I don't want to affect other program which running on this machine.

So, forget about the setting i can be set in the init_alter(). Let's assume it work, so I should put those setting, after the session_start() on every page?

Thanks
Louis