Earnie Boyd wrote:
Thanks. I have to say that I don't really understand that option. I made the change, but I don't understand what I just did.
From http://php.net/session.configuration we see:
session.use_only_cookies boolean session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 6.0.
Yes. I had read that. But I don't see what that has to do with sessions expiring. For that matter, I don't know what else PHP would be using besides cookies.
Oh oh.... I think I get it. That says that the cookie will only the session id and and other than that no other information will be stored.... Is that right?
Sorry, I'm dumb. When I read that the first time I thought it meant "session id will be stored in cookies but nowhere else" and my reaction was "where else would you store it?".
Daniel.