On Tue, Oct 18, 2011 at 11:36 AM, Dan Nessett <dnessett(a)yahoo.com> wrote:
From what I have read, I thought this would fire up
the session garbage
collector on each access and timeout sessions after 60 seconds. It
appears the latter is true, since if I log in (not setting "remember
me"), edit a page, wait 60 seconds and try once again to edit the page,
the latter is disallowed and the resulting response shows me logged off.
However, when I look at the sessions directory, the session created by my
login is still there. Maybe I don't understand what the garbage collector
does, but I assumed it would destroy the session record if its lifetime
exceeded maxlifetime.
I know this is a PHP question, not a MW question, but I was hoping
someone might fill me in. By the way, I am running PHP 5.3.4.
Off the top of my head I'd guess this:
* around login time, a session is started:
** ID is generated: 123456789abcdef
** session cookie is sent to browser
** /path/to/sessions/123456789abcdef file is stored with the fresh data
* after a while, some other request comes in
** session GC runs, removing the file /path/to/sessions/123456789abcdef
* your first browser reconnects, providing a session ID key in its cookie
** server sees no session with that id, so establishes a new one
** /path/to/sessions/123456789abcdef file is stored with the fresh data
Possibly the request to trigger GC was also your own second request.
-- brion