Quoting Daniel Carrera daniel.carrera@zmsl.com:
Is there anything else I can do to make sessions expiry times short? I have already set:
ini_set('session.cookie_lifetime', 0); ini_set('session.cache_expire', 10); ini_set('session.use_only_cookies', 0);
Can I improve on this?
You might try setting both of the following in your php.ini file:
<snippet> session.entropy_file string session.entropy_file gives a path to an external resource (file) which will be used as an additional entropy source in the session id creation process. Examples are /dev/random or /dev/urandom which are available on many Unix systems.
session.entropy_length integer session.entropy_length specifies the number of bytes which will be read from the file specified above. Defaults to 0 (disabled). </snippet>
The only other thing you might consider is changing the session table primary key to a combination of sid and uid and then modify the queries for sid to also include the uid in the includes/session.inc file.
Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/