Im on a website, I close all windows and I go back again, and of course Im logged in.
What I need is for website to do otherwise. When I go back not to be logged in - to create a new session on every visit shortly and to hold it all the time (no timeout).
Is there a logical explanation on what things I should watch out when I do this since I managed to do it on local apache, but it doesnt work online?
And thanks :)
When you make the cookie, set the expire date in the past. It should allow you to remain logged in for the session, but once you close the browser, the browser will clear the cookie jar of stale cookies and your session along with it.
If you are indeed closing all windows (and not just all tabs!), then the session cookie should be forgotten -- and a new browser window going to the site should have no session cookie to pass, prompting PHP to create a new session. If your site isn't acting like this, then it may be using a session.cookie_lifetime other than 0, making PHP create a persistent cookie rather than a session cookie.
PHP also has some chance of destroying old sessions each time it runs, in order to reclaim space from sessions that haven't been used in a while. The session.* properties in php.ini determine which sessions get cleaned up (session.gc_maxlifetime) and how often (session.gc_probability and session.gc_divisor). If you want sessions to be valid longer, then set the gc_maxlifetime to a higher value. If you want them to be valid forever, set gc_probability to 0 -- but that's a bad idea, as sessions will never be cleaned up automatically, and will slowly fill up the drive.
