Date: 08/22/01
- Next message: giancarlo pinerolo: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
- Previous message: Kristian Koehntopp: "Re: [phplib] current users?"
- In reply to: giancarlo pinerolo: "[phplib] auth login/logout logging (was: current users?)"
- Next in thread: giancarlo pinerolo: "[phplib] Re: [Phplib-users] Re: [phplib] current users?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Aug 22, 2001 at 07:50:29PM +0200, giancarlo pinerolo wrote:
> Session lifetime not = 0 is a tricky choice.

Session lifetime not = 0 is not recommended. lifetime = 0
creates dateless session cookies, which have a different
security state from dated cookies (lifetime <> 0) in many
browsers and in P3P.

Also, if you reject cookies with lifetime = 0, rejecting one
cookie is enough - you will not receive more cookies. Using
dated cookies, PHPLIB must refresh that cookie each time a
page is served, and you'll have to reject that cookie again and
again on each page (unless your browser provides proper cookie
management). This is very annoying.

I strongly recommend undated session cookies, that is, setting

    $sess->lifetime = 0;

Keep in mind that $auth->lifetime and $sess->lifetime are
entirely different things.

Kristian
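
An added example, not part of the message above and not PHPLIB code: a Python check over captured Set-Cookie headers that tells a dateless session cookie from a dated one and counts how often the server re-sends it across pages. The cookie name `Example_Session` and all header values are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def cookie_kind(attrs):
    """A cookie with neither Expires nor Max-Age is dateless ('session')."""
    if "expires" in attrs or "max-age" in attrs:
        return "persistent"
    return "session"


def audit(responses, cookie_name):
    """responses: one list of Set-Cookie values per page served, in order."""
    kinds, times_set = set(), 0
    for headers in responses:
        for header in headers:
            name, _, attrs = parse_set_cookie(header)
            if name == cookie_name:
                kinds.add(cookie_kind(attrs))
                times_set += 1
    return {
        "kinds": sorted(kinds),
        "times_set": times_set,
        "pages": len(responses),
        "dated_session_id": "persistent" in kinds,
    }


# Constructed capture: dateless cookie, sent once, then not repeated.
UNDATED = [["Example_Session=0123abcd; path=/"], [], []]

# Constructed capture: dated cookie, refreshed on every page served.
DATED = [
    ["Example_Session=0123abcd; expires=Wed, 22-Aug-2001 19:50:29 GMT; path=/"],
    ["Example_Session=0123abcd; expires=Wed, 22-Aug-2001 19:51:02 GMT; path=/"],
    ["Example_Session=0123abcd; expires=Wed, 22-Aug-2001 19:51:40 GMT; path=/"],
]

if __name__ == "__main__":
    print(audit(UNDATED, "Example_Session"))
    print(audit(DATED, "Example_Session"))
```
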

