https://www.webmaster-forums.net/crss/node/1042372 en https://www.webmaster-forums.net/web-programming-and-application-development/php-session-management#comment-1235582 <p>you can try it yourself<br /> set data to a session, goto another page and see if the session isset and has data<br /> then unset the session, turn off your cookies in the browser and try it again</p> <p>when you call "session_start()" (as i presume you are) php sets SID (session ID) and is default set in a cookie<br /> It can be accessed by using that ID in URLS, but now we are getting into issues with SEO and security issues.</p> <p>also, have a read of this if you haven't already<br /> <a href="http://uk2.php.net/session" title="http://uk2.php.net/session">http://uk2.php.net/session</a><br /> its technical rather than informative, but is worth reading through the functions you are using as it has some must read warnings<br /> (i.e. "Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.")</p> Wed, 26 Nov 2008 15:43:38 +0000 greg comment 1235582 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/php-session-management#comment-1235576 <p>I did not know that - your saying that any session set will also be set as a cookie by default?</p> <p>This must be a php setting then?</p> <p>Or i must unset and destroy all cookies with the same name.</p> Wed, 26 Nov 2008 11:27:38 +0000 benf comment 1235576 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/php-session-management#comment-1235558 <p>Remember $_SESSION uses COOKIES by default, so it might be a case that the session is being set to a cookie in your browser/pc and not being deleted</p> Wed, 26 Nov 2008 03:33:16 +0000 greg comment 1235558 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/php-session-management#comment-1235515 <p>Yes and also, i have now transfered my preject to a test directory on my server. Rahter than expecting no user to be logged in there is a user logged in.</p> <p>It seems my session management is not quite right.</p> <p>My authentication stores the session variable generated after login in the database, then i have a auth function that checks the session in the database against the session variable.</p> <p>I thought the session expires after 20 mins by default?</p> <p>Why would i still be logged in after a few days and after transfering my site over to a different server.</p> Tue, 25 Nov 2008 12:54:40 +0000 benf comment 1235515 at https://www.webmaster-forums.net https://www.webmaster-forums.net/web-programming-and-application-development/php-session-management#comment-1235496 <p>You probably should give the SESSION a duration.</p> <p>Usually I let Drupal handle this, there is an autologout module, not sure how it works.</p> <p>You could set a database timestamp, or perhaps a SESSION variable, and renew it with activity, or kill the session after a specified elapsed time...</p> <p>Check out these <a href="http://letmegooglethatforyou.com/?q=expire+php+session+automatically">search results</a></p> Mon, 24 Nov 2008 21:21:38 +0000 decibel.places comment 1235496 at https://www.webmaster-forums.net