I set my session parameter so the session is a few minutes long, and if the
user goes inactive for that period the session expires. Two questions:
1) What mechanism actually expires the session? That is, what says "hang on,
the time limit has passed, so that's no longer valid"? It can't be the
browser, since that might be subverted or buggy. So does a browser send an
expired cookie value anyway and trust the website to spot it has expired?
2) How do I tell in my PHP that a session has expired? My code has a
start_session() at the top, and uses of $_SESSION[xxx] underneath, but
somewhere I should be checking that the session hasn't expired, shouldn't
I? Or maybe start_session() does that for me somehow?
--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfounta in.org/">Derek Fountain</a>