[imp] next user resuming pre. user session......
Rich Lafferty
rich@horde.org
Wed, 1 Nov 2000 16:01:15 -0500
On Wed, Nov 01, 2000 at 03:49:04PM -0500, David Powicki (dpowicki@oit.umass.edu) wrote:
>
> Let me see if I have this straight. I have 2 options
> -by default if I leave timeout=0 in the local.inc file IMP sessions
> will last as long as the browser is open AND the user has not logged
> out. If the user walks away from a browser with an open window
> (even if it's minimized) the next user has open access to that
> account.
Correct; that's a session cookie. You'll notice that this behaves
identically to a telnet session or a Eudora instance, for example.
> -if I change the lifetime variable to any number greater than zero,
> I can time sessions out after a fixed period of time, BUT I run the
> risk of session resumption because of the session cookie being
> written to disk. Session resumption is -only- a problem if the user
> did NOT logout and the predefined session time has not expired.
Correct, except that these aren't session cookies, they're just plain
old cookies.
-Rich
--
------------------------------ Rich Lafferty ---------------------------
Sysadmin/Programmer, Instructional and Information Technology Services
Concordia University, Montreal, QC (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------