[nycphp-talk] Sessions / Cookie question
Rolan Yang
rolan at omnistep.com
Sun Jun 17 08:36:14 EDT 2007
mikesz at qualityadvantages.com wrote:
> ... The expectation is that if the member comes back after the time
> out, then they would be required to login again but the login code
> does a check for an active cookie and not a session and allows the
> user to access the site apparently creating a new session.
>
> I hope this explanation is clear enough for someone to give me some
> ideas about how to go about solving this. ...
>
If you're using sessions, there's no need for the cookie. If you must,
try setting the timeout value of your cookie to the same amount as the
timeout for the PHP sesssion id. Example:
setcookie('somesessionid','MrX-a8g238goenrgarPassHash',time()+60*30);
The example above sets a cookie to expire after (current time + 60
seconds * 30 minutes).
The cookie expires at the designated absolute time and may fail if the
user has the time/date on their computer set incorrectly.
~Rolan
More information about the talk
mailing list