i have set "session.gc_maxlifetime = 10" in php.ini ,and is reboot apache service.but when i request the example pages after a minites ,the session is active still.the code is :

<?
	session_start();
	echo $_SESSION['Login'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>

<body>
</body>
</html>

the result is 1 all the time.how can i destroy the session automaticly. please help me.

yeah.i have solution.the sessionId is save by cookies in client.So the cookie who remember the sessionId will not destroy after close the browser.but the cookie has remember the last time we request the page.So when we close the browser and then open the browser and request the page.the lase-update-time of cookie and sessionId will be send to service. Service receive the cookie's last-update-time and compare with the session files(is a txt file) on service.so service can know if the session is timeout.

//put this at the top of your page and it will stop any unwanted access. it will also kill any session after the user logs out.
<?php
session_start();
    if($username)
    {
        sesion_start();
    }
    else
    {
         session_destroy();
         die ("You must be logged in");
    }
?>

Edited 3 Years Ago by Nick Evan: Fixed formatting

This article has been dead for over six months. Start a new discussion instead.