Quoting Daniel Carrera <daniel.carrera@zmsl.com>:
Is there anything else I can do to make sessions expiry times short? I have already set:
ini_set('session.cookie_lifetime', 0); ini_set('session.cache_expire', 10); ini_set('session.use_only_cookies', 0);
Can I improve on this?
You might try setting both of the following in your php.ini file: <snippet> session.entropy_file string session.entropy_file gives a path to an external resource (file) which will be used as an additional entropy source in the session id creation process. Examples are /dev/random or /dev/urandom which are available on many Unix systems. session.entropy_length integer session.entropy_length specifies the number of bytes which will be read from the file specified above. Defaults to 0 (disabled). </snippet> The only other thing you might consider is changing the session table primary key to a combination of sid and uid and then modify the queries for sid to also include the uid in the includes/session.inc file. Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/