[PHPLIB] "Expired" Session IDs
From: Bob Bowker (bowker <email protected>)
Date: 12/08/99

Hi --

How does everyone else handle "expired" session id numbers?

I have a handle on setting $lifetime to, say, two hours on a shopping site
-- that solves the problem for those people ... but how do I
(conceptually) handle people who (a) have cookies turned off, (b) bookmark
a dynamically-generated product display page, then (c) return 2 weeks later?

I already check all submitted id numbers against my table of completed
orders, which has the fringe benefit of trapping those who use the browser
BACK button after CyberCash has already processed the order ("woops, make
that 3 widgets") ... I guess my "practical" questions are these:

1. where in phplib should I set the trap to disallow an id number that's
over 2 hours old and replace it with a new one ... in the same place I
check it against the orders table?

2. what are the consequences of setting my "age" limit too long or too
short? To me, 2 hours seems like a lifetime (sorry) to browse an
e-commerce site, but ...?

Rambling musings over my first cup of coffee ...

TIA --

Bob.

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.
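
The check asked about in the post, as an added example that is not part of the original message and is not PHPLIB code: a server-side test run on every request that replaces a submitted id when it belongs to a completed order, is unknown, or has been idle longer than the limit. It is written in current PHP; the function names, the in-memory `$sessions` store and the choice to measure age from the last request are assumptions made for illustration.

```php
<?php
// Added example: names and the in-memory store are hypothetical, not PHPLIB's API.
const MAX_AGE = 7200; // two hours, the limit discussed in the post

function new_session_id(): string
{
    return bin2hex(random_bytes(16)); // unguessable replacement id
}

/**
 * Decide whether a submitted id may continue or must be replaced.
 * $sessions:        id => ['last_seen' => unix time, 'cart' => array]
 * $completedOrders: id => true for ids already used by a processed order
 * Returns [id to use from now on, reason].
 */
function resolve_session(string $submitted, array &$sessions, array $completedOrders, int $now): array
{
    if (isset($completedOrders[$submitted])) {
        $reason = 'order-complete';   // BACK button after payment was processed
    } elseif (!isset($sessions[$submitted])) {
        $reason = 'unknown';          // never issued, or already cleaned up
    } elseif ($now - $sessions[$submitted]['last_seen'] > MAX_AGE) {
        $reason = 'expired';          // e.g. bookmarked URL opened two weeks later
    } else {
        $sessions[$submitted]['last_seen'] = $now; // still live: refresh the timer
        return [$submitted, 'ok'];
    }
    unset($sessions[$submitted]);     // the stale cart is not carried over
    $fresh = new_session_id();
    $sessions[$fresh] = ['last_seen' => $now, 'cart' => []];
    return [$fresh, $reason];
}

// Constructed sample data.
$now = 1000000;
$sessions = [
    'aaaa' => ['last_seen' => $now - 600,        'cart' => ['widget' => 2]],
    'bbbb' => ['last_seen' => $now - 14 * 86400, 'cart' => ['widget' => 1]],
];
$completedOrders = ['cccc' => true];

foreach (['aaaa', 'bbbb', 'cccc', 'zzzz'] as $id) {
    [$use, $reason] = resolve_session($id, $sessions, $completedOrders, $now);
    printf("%s -> %s (%s)\n", $id, $use === $id ? 'kept' : 'replaced', $reason);
}
```

Because the decision is made from server-side timestamps, it applies equally to ids carried in a bookmarked URL and to ids carried in a cookie.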