Session timeout set incorrectly ??


Post by bgshea » Sun Nov 27, 2005 11:38 pm

In config.php $session_time is set to time() + (some limit)

This is incorrect. It is correct for cookies, but for PHP sessions, you only need to specify the number of minutes the session is valid for!!!

Correct usage is:

$session_time = X; (replace X with # of minutes session is valid for).

http://us2.php.net/manual/en/function.s ... expire.php

There also seems to be some overlap: if I sign in with cookies, then log out, then sign in again without cookies, it seems as though PHP reads the cookies and keeps the session open. If the defaults are used, this can be up to 30 days!!!!

I'm not 100% sure about this, I'm still working on it. If anyone else knows php session/cookie management better than me, please take a look.

Also, session_cache_limiter may be used incorrectly? phpLogCon sends the header, but it is probably overwritten when PHP sessions are started. Again, not 100% sure. Will post when I figure it out.

Thanks,


P.S. Don't mean to tear the code apart, but I'm paranoid of things going wrong. And losing logs is a huge concern for me.
bgshea
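Added example (not phpLogCon code and not written by the posters): the units used by the PHP settings the post above touches on, with a server-side idle check and a logout that also clears the session cookie. `IDLE_LIMIT_MIN`, `last_seen` and `login.php` are hypothetical names chosen for illustration.

```php
<?php
// Added example; IDLE_LIMIT_MIN, 'last_seen' and login.php are hypothetical.
const IDLE_LIMIT_MIN = 30;                  // constructed value: idle limit in minutes
const IDLE_LIMIT_SEC = IDLE_LIMIT_MIN * 60;

// Units differ per API:
//   setcookie() expires      -> absolute Unix timestamp, i.e. time() + seconds
//   session.cookie_lifetime  -> relative seconds (0 = until the browser closes)
//   session.gc_maxlifetime   -> relative seconds before session data may be collected
//   session_cache_expire()   -> minutes; only affects HTTP cache headers and is
//                               ignored when the cache limiter is 'nocache'
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT_SEC);
session_set_cookie_params(0);               // session cookie, not a persistent one
session_cache_limiter('nocache');           // must be called before session_start()
session_start();

// Logout: clear the data, expire the cookie, destroy the server-side session.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // An expiry in the past tells the browser to drop the cookie.
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Garbage collection is probabilistic, so the idle limit is enforced explicitly.
function session_is_fresh(int $now): bool
{
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && ($now - $last) > IDLE_LIMIT_SEC) {
        return false;                       // idle for longer than the limit
    }
    $_SESSION['last_seen'] = $now;          // record activity for the next request
    return true;
}

if (!session_is_fresh(time())) {
    end_session();
    header('Location: login.php');
    exit;
}
```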


RE: Session timeout set incorrectly ??

Post by rgerhards » Mon Nov 28, 2005 12:21 pm

This triggers a reply ;) phpLogCon seems to have some issues with session handling in general, as I have just discovered via this thread posted on the rsyslog site:

http://www.rsyslog.com/PNphpBB2-viewtopic-t-40.phtml

Besides what you have found, I think we must reconsider the way session variables are used.

And: yes, please tear the code apart. After all, this ability is the real benefit of open source. So why not use it...

Rainer

RE: Session timeout set incorrectly ??

Post by bgshea » Mon Nov 28, 2005 4:10 pm

The release I posted on my site is a good start at proper session timeout. There are a few things that need to be cleaned up. I will see if I can spend a few more hours tonight to do so.
bgshea
