[imp] next user resuming pre. user session......
David Powicki
dpowicki@oit.umass.edu
Wed, 01 Nov 2000 15:49:04 -0500
> No. Like Rich said: if you set a timeout, that's how long the sessions last,
> no matter whether or not you quit the browser. That's what the browser is
> supposed to do.
>
> If you don't set a timeout, then sessions will _not_ be written to disk, and
> will only last as long as the browser lifetime. When a usre quits the
> browser, the session is over.
>
Thanks Chuck.
Let me see if I have this straight. I have 2 options
-by default if I leave timeout=0 in the local.inc file IMP sessions will last
as long as the browser is open AND the user has not logged out. If the user
walks away from a browser with an open window (even if it's minimized) the next
user has open access to that account.
-if I change the lifetime variable to any number greater than zero, I can time
sessions out after a fixed period of time, BUT I run the risk of session
resumption because of the session cookie being written to disk. Session
resumption is -only- a problem if the user did NOT logout and the predefined
session time has not expired.
David
--
David Powicki Network Analyst/Postmaster OIT Network Services
Voice: 413.545.1605 Fax: 413.545.3203 University of Massachusetts
email: dpowicki@nic.umass.edu Amherst, MA 01003-4640