Is SESSION info maintained when a user is diverted to paypal?

Taffd,

I am currently working on a site, that saves User name and Admin status in $SESSION variables. I have no way to destroy the session other than a log out button. As far as I can tell the $Session variables will stay until you clear your cookies or destroy your session.
I have been in and out of my site all day without having to log in again....

If any one knows how to set a time limit on session i would love to know.

the only way i use is to set a session variable of the current time then everytime a postback occurs check this time is greater than (now - 20 mins) and if it is let them continue else destroy the session. works for me.

Thanks jt,
I've just tried moving through several sites and back to mine to see if they were maintained(I'm amazed I hadn't tried it before) and you're correct.
SESSIONS are maintained until I close my browser.

the only way i use is to set a session variable of the current time then everytime a postback occurs check this time is greater than (now - 20 mins) and if it is let them continue else destroy the session. works for me.

Hey Fungus i would love to see a example of how to do that... I went onto the PHP.net and theirs was all funky took 6 variables all the way from year to seconds.....

Also Taffd: If you like i can show you the code i used to destroy my session pretty straight forward.

-Josh

Actually josh, I hadn't thought about destroying sessions or about the need for doing so. I know it took me about two weeks to figure out how to use them.

I've just looked at buddylee's link and below is a paragrph taken from the page

"By default a session lasts until the user closes their browser. This can be changed in the php.ini file by change the 0 in session.cookie_lifetime = 0 to be the number of seconds you want the session to last, or by using session_set_cookie_params"

Good link!

I've just looked at buddylee's link and below is a paragrph taken from the page

"By default a session lasts until the user closes their browser. This can be changed in the php.ini file by change the 0 in session.cookie_lifetime = 0 to be the number of seconds you want the session to last, or by using session_set_cookie_params"

Good link!

Taffd

Thanks for a lot for the info...

My question is this.. what if i don't own the PHP.INI and i cant change that variable? how do i add a time to it then????

josh,
According to that link, if you use "session_set_cookie_params", which you have to use on every page before session_start, you can set the time, in seconds there.

Comments
Thanks for doign the footwork for me

Josh, here's an example from that page

//sets cookie to 1200 seconds or 20 mins
session_set_cookie_params(1200);
session_start();

This article has been dead for over six months. Start a new discussion instead.