[imp] next user resuming pre. user session......

David Powicki dpowicki@oit.umass.edu
Wed, 01 Nov 2000 15:49:04 -0500


> No. Like Rich said: if you set a timeout, that's how long the sessions last,
> no matter whether or not you quit the browser. That's what the browser is
> supposed to do.
>
> If you don't set a timeout, then sessions will _not_ be written to disk, and
> will only last as long as the browser lifetime. When a user quits the
> browser, the session is over.
>

Thanks Chuck.

    Let me see if I have this straight.  I have 2 options

-by default if I leave timeout=0  in the local.inc file IMP sessions will last
as long as the browser is open AND the user has not logged out.  If the user
walks away from a browser with an open window (even if it's minimized) the next
user has open access to that account.

-if I change the lifetime variable to any number greater than zero, I can time
sessions out after a fixed period of time, BUT I run the risk of session
resumption because of the session cookie being written to disk.  Session
resumption is -only- a problem if the user did NOT log out and the predefined
session time has not expired.

David



--

David Powicki     Network Analyst/Postmaster     OIT Network Services
Voice: 413.545.1605  Fax: 413.545.3203    University of Massachusetts
email: dpowicki@nic.umass.edu             Amherst, MA 01003-4640
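
Added example, not part of the original message and not IMP or PHPLIB code: the two options discussed above expressed as `Set-Cookie` headers, plus a server-side idle timeout that expires an unattended session while the cookie stays memory-only. The names `sid`, `lifetime_seconds` and `SessionStore` are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie


def session_cookie(sid, lifetime_seconds=0):
    """Return the Set-Cookie value for a session id (hypothetical helper).

    lifetime_seconds == 0: no Max-Age, so the browser keeps the cookie in
    memory and drops it on quit. lifetime_seconds > 0: Max-Age is set, the
    browser may persist the cookie and resume the session after a restart.
    """
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["path"] = "/"
    jar["sid"]["httponly"] = True
    if lifetime_seconds > 0:
        jar["sid"]["max-age"] = lifetime_seconds
    return jar["sid"].OutputString()


class SessionStore:
    """Server-side idle timeout, independent of how the browser stores the cookie."""

    def __init__(self, idle_seconds):
        self.idle_seconds = idle_seconds
        self._last_seen = {}  # sid -> time of last request

    def start(self, sid, now):
        self._last_seen[sid] = now

    def logout(self, sid):
        # Explicit logout invalidates the id even if the cookie is still around.
        self._last_seen.pop(sid, None)

    def is_valid(self, sid, now):
        last = self._last_seen.get(sid)
        if last is None:
            return False
        if now - last > self.idle_seconds:
            del self._last_seen[sid]  # idle too long: expire server-side
            return False
        self._last_seen[sid] = now  # activity slides the idle window
        return True
```
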