In article <i4************ *************** ***@comcast.com >,
Jerry Stuckle <js*******@attg lobal.netwrote:
>my scripts execute these statements before doing anything else:
session_save_p ath("/home/myaccountpath/sessions");
session_name(' user_settings') ;
session_start( );
if (session_id() == 'deleted') session_regener ate_id(true);
Wrong. All that you need is session_start() .
Wrong.
Perhaps different ISPs behave differently. Those lines above are
there because they are necessary in my case, and in general cases it
does no harm to include them.
session_save_pa th() is necessary because the default session path
results in sessions that last 20 minutes. There are likely other
ways to cause the session to last as long as the user's browser is
open. Setting one's own path is one way to do it.
session_name() isn't really necessary, but does give a meaningful
name to the cookie set in the user's browser, if the user cares to
look. Since *I* am that sort of user who looks at my cookies, I do
things to cater to other users like me.
session_start() is necessary, but can't occur until
session_save_pa th and session_name have been called.
The 'if' statement above is necessary. When a user logs out and
session_destroy () is called, a session file on the server still
exists but is renamed to 'deleted'. The session cookie is renamed
to 'deleted' (at least it is in Opera). When multiple users access
the site with a session cookie named 'deleted', they will end up
sharing session data. I have tested and verified this behavior, as
well as verified it with the PHP support folks.
You may want to argue about it, but I doubt you'd be able to argue
successfully that the above 4 lines aren't necessary for my site.
-A
