Hi, Is there a way to limit how long a phpsessid is valid for? I noticed that using an url with the original phpsessid attached to the end of it will allow continued access to member area pages (user does not seem to be required to relogin after an expired session). Please let me know. Thank you.
Usually session is active until user closes all browser windows (or reboot computer), or logout from members area. You can limit session time by setting session.cookie_time in php.ini configuration file.
Usually session is active until user closes all browser windows (or reboot computer), or logout from members area. You can limit session time by setting session.cookie_time and session.gc_maxlifetime in php.ini configuration file.
Usually it is at /etc/httpd/conf/php.ini but ask your hosting administrator. You can also put directives to .htaccess file like php_value session.cookie_time 3600 php_value session.gc_maxlifetime 3600