[imp] next user resuming pre. user session......

Rich Lafferty rich@horde.org
Wed, 1 Nov 2000 16:01:15 -0500


On Wed, Nov 01, 2000 at 03:49:04PM -0500, David Powicki (dpowicki@oit.umass.edu) wrote:
>
>     Let me see if I have this straight.  I have 2 options
 
> -by default if I leave timeout=0 in the local.inc file IMP sessions
> will last as long as the browser is open AND the user has not logged
> out. If the user walks away from a browser with an open window 
> (even if it's minimized) the next user has open access to that
> account.
 
Correct; that's a session cookie. You'll notice that this behaves
identically to a telnet session or a Eudora instance, for example.

> -if I change the lifetime variable to any number greater than zero,
> I can time sessions out after a fixed period of time, BUT I run the
> risk of session resumption because of the session cookie being
> written to disk.  Session resumption is -only- a problem if the user
> did NOT logout and the predefined session time has not expired.

Correct, except that these aren't session cookies, they're just plain
old cookies.

   -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------