Sessions ...

Hi,

I can't find a definitive answer on this:

If I use session variables, like ...

$_SESSION['admin'] = "yes";


How long does the session last ? In my case the pages will be continually refreshed and used, does that mean that the session will last forever, or I have to set session.cookie_lifetime to 0 and then destroy the session if I don't need it any more ?

 

You can destroy it at your leisure, it will last (typically) for the current browser session.

Dan.

 

you can destroy it by calling session_destroy()

 

The session is per-browser.

The session auto-destroy depends on php.ini configuration.
With session.gc_maxlifetime you define the maximum time the session will last.
(It's not exactly this time, there is a probability system ... but it's a good initial point to think on this time)

If the user is continually browsing pages, the session will not expire because this time is "reset" on each page.

Normally, a logout button should include: session_destroy() to directly destroy the session.

More info:http://es.php.net/manual/en/book.session.php

 

By refreshing and refreshing your session wont get killed untill u will exit browser completely

 

Thanks to all that replied

Basically the session lasts as long as you want, as Danltn stated but to use session_destroy() you also need to use session_start() on the same page.

 

You need session_start() anyway, even if you don't use session_destroy().