Hi Dave understood here are our current settings:
from /etc/php/5.6/apache2/php.ini
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
and from application/config/config.php
$config['sess_cookie_name'] = '*******';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = false;
$config['sess_encrypt_cookie'] = true;
$config['sess_use_database'] = true;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = false;
$config['sess_match_useragent'] = false;
#$config['sess_match_useragent'] = true;
$config['sess_time_to_update'] = 3600;
I am guessing these may be defaults.
If I set expire_on_close to true and then test the session when a new CI instrance is created and the user has closed their session can I assume safely they no longer have a browser open on our site?
As I mentioned earlier, we have a boolean value in userdata which I can test for "looged_in to our system or not" but what I really would like to know is if they are still browsing our site and have a current session open (albeit not logged in).
Hope you can see what I am getting at!
Cheers, Paul
