(06-23-2017, 05:19 AM)CINewb Wrote: No, the session would remain until the session expires, not indefinitely just because the browser is left open. You could set session expiry time to 20 minutes too if you wanted to. I am talking about the "session" in PHP rather than the cookie itself.
Server-side session invalidation is a broader topic ... it can expire on the 20th minute (if you're lucky or have a really paranoid setup), it can expire after hours (even if you set the gc_lifetime to 20 mins), or it can expire never under certain circumstances.
Let's not hijack the thread.