Welcome Guest, Not a member yet? Register   Sign In
Storing session information in permanent cookie

(06-23-2017, 05:32 AM)CINewb Wrote: So the CI session does not have an expiry time, like a regular PHP session would via session.gc_maxlifetime ?

It does, but how and when GC is triggered depends on server configuration.

(06-23-2017, 05:42 AM)Martin7483 Wrote: The CI session does or doesn't have en expire time. It depends on the value you supply

PHP Code:
// It will expire after 2 hours of inactivity
$config['sess_expiration'] = 7200;
// It will expire when you close the browser
$config['sess_expiration'] = 0; 

sess_expiration plays a role, of course, but it's not as simple as that.


Again, this thread is about some auditor saying that cookies with expiry time are a vulnerability (false) ... If you want to argue about how expiry times work, please open a new thread.

Messages In This Thread
RE: Storing session information in permanent cookie - by Narf - 06-23-2017, 05:56 AM

Theme © iAndrew 2016 - Forum software by © MyBB