Re: session handler auto log out [message #176132 is a reply to message #176099] |
Fri, 25 November 2011 09:40 |
Erwin Moller
Messages: 228 Registered: September 2010
On 11/23/2011 7:53 PM, Denis McMahon wrote:
> On Wed, 23 Nov 2011 10:55:36 +0100, Erwin Moller wrote:
>
>> On 11/23/2011 3:09 AM, Denis McMahon wrote:
>>> On Tue, 22 Nov 2011 16:55:40 +0100, Arno Welzel wrote:
>>>
>>>> > Because the AJAX call will reset the session timer, so the session
>>>> > will never time out.
>>>>
>>>> And where did I say that the AJAX call should be *before* the session
>>>> times out?
>>>
>>> If the ajax call is made after the session has timed out, then you're
>>> back to the previously discussed situation where you get a request
>>> without a valid current session ID and do with it as you wish.
>>>
>>> Any request, whether ajax initiated, a form submission, clicking a
>>> link, grabbing an image etc will send the session cookie from the
>>> client to the server if a session cookie is defined.
>
>> Are you sure a request for an *image* will modify the Session?
>>
>> I thought the Session would only be updated if session_start() is used
>> (directly or indirectly by activating session.auto_start).
>
> Read what I wrote again:
>
> 1) Any request ... will send the session cookie from the client to the
> server if a session cookie is defined.
>
> This is something that the client does - if it has valid (non expired)
> cookies for the server and makes a request to the server, it sends the
> cookies.
>
> So yes, the client browser sends the cookies with every request,
> including images etc.
>
> If the request is then served by php (and you can serve any content with
> php) _and_ that php invokes the session handler, then the php session
> timer is reset in the server, and an updated session cookie will be sent
> back to the client browser.
>
> eg if my web page includes <img src="server/getimage.php?imgid=76">
>
> and getimage.php looks something like:
>
> <?php
> session_start();
etc..
<snip>
Hi Denis,
OK, then we agree completely.
The reason I interrupted was simply that we were discussing updating
session expiration. In that context your former posting could easily be
misinterpreted, although you didn't exactly write that the session
expiration would be updated by a typical image request (no PHP involved).
And I just wanted to make that point clear. :-)
Regards,
Erwin Moller
--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
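
The distinction discussed in this message, as an added example that is not part of the original post: an application-level idle timer that background requests (an image script such as getimage.php, an AJAX poll) can check but not reset, so only real user activity extends the session. `IDLE_LIMIT`, `touch_session()` and the `last_activity` key are hypothetical names, and the 900-second limit is an assumed value.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
declare(strict_types=1);

const IDLE_LIMIT = 900; // seconds of inactivity allowed (assumed value)

/**
 * Check the idle timer kept inside the session data.
 *
 * $userAction is true for requests that count as user activity (page view,
 * form post) and false for background requests (image script, AJAX poll).
 * Background requests are validated against the timer but never extend it.
 * Returns true while the session is still valid.
 */
function touch_session(array &$session, int $now, bool $userAction): bool
{
    $last = $session['last_activity'] ?? null;

    if ($last !== null && ($now - $last) > IDLE_LIMIT) {
        $session = [];          // expired: drop everything stored in it
        return false;
    }
    if ($userAction || $last === null) {
        $session['last_activity'] = $now;   // only real activity resets the timer
    }
    return true;
}

// In a PHP-served image script the call would look like this:
//   session_start();
//   if (!touch_session($_SESSION, time(), false)) {
//       session_destroy();
//       http_response_code(401);
//       exit;
//   }

// Constructed timeline, using a plain array in place of $_SESSION.
$s = [];
var_dump(touch_session($s, 1000, true));   // login at t=1000
var_dump(touch_session($s, 1800, false));  // image request 800 s after login
var_dump(touch_session($s, 1950, true));   // user click 950 s after login
var_dump($s);                              // session data after the last call
```

A static image served directly by the web server never reaches this code at all, which is the case the reply above separates from a PHP script that calls session_start().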