Session configuration problems

[eluser]WanWizard[/eluser]
The way the mechanism works is that a session cookie is sent to the browser containing the session_id. At the next request, this cookie is sent back to the server so the session class can retrieve the correct session.

This cookie has an expiration time, set by the server. The browser evaluates this time, and when it expires, the browser will delete the cookie locally. So at the next page request, no session cookie is sent to the server, causing the server to create a new session record with a new session_id, effectively expiring the previous session.

Every time a page is sent out to the browser, it will contain the session cookie, with an updated expiry timestamp. So it will expire the session after 1800 seconds of no activity, assuming that the time on both server and client are set correctly (as per my previous post).

If you want it to expire a fixed time after it was started, you have to either add a session_create timestamp to the session table (requires extension of the session class, and quite a bit of code), or add the value as a session variable, and check for expiry at every page load. If it expired, terminate the session (by deleting valies, calling sess_destroy(), etc).