It can initially recognize you via a cookie though. Sure, the session data is long gone. I'm not arguing that. But the cookie isn't. If it sees the cookie, then you don't have to login, and a new session is started for you. The default value of session.cookie_lifetime is 0, so unless your server admin will make the change for you, or you have access yourself, then yes it'll work exactly as you said. As soon as you close your browser, you'll have to relogin the next time you visit the forum.
Here it is in Scream's own words (from the config.inc.php file):
// Do you want to use sessions or cookies to track your users

// If using sessions and php.ini isn't set to use cookies for sessions

// with a lifetimevalue for session.cookie_lifetime then users will need

// to login upon each visit.

// values = "cookies" or "sessions";

$config['tracking'] = "sessions";
So you see, you CAN use sessions, and not have to relogin each time.
BTW I linked to the wrong forum last time, <a href="http://www.thetechguide.com/forumphp" target="_new">http://www.thetechguide.com/forumphp</a> is the php one.

The cookie that is saved in reference to the session data is a random combo of alphanumeric values. It DOES matter that the session data has been deleted. Obviously you and Scream are both misinformed. Go read the PHP documentation on sessions handling.

Doug

<a href="http://www.netherworldrpg.net" target="_new">http://www.netherworldrpg.net</a>

Wouldn't be the first time I was misinformed:). Makes sense though since I had to switch over to cookies to make it so users didn't have to login upon each visit.

---

Scream

WWWThreads Developer

Ok, here's what I know. Before I edited session.cookie_lifetime, I had to re-login every time I visited my php forum. Once I set the value to the same that was in my config.inc.php, I didn't have to relogin until a few days passed (the default lifetime was 1036800 seconds btw). Once I changed that value to 31536000 (both in config.inc.php and in the php.ini file) I haven't had to relogin once.

I didn't make any other changes to either the forum itself or the php.ini file. And it recognizes me each time. So if I am wrong here, don't tell my server. At least it believes me and is working the way I think it should <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

You're not following me. [bold]Because you keep accessing your boards. Everytime you access your boards the timer that is counting down until your session data, which is saved on your server is being reset to it's max setting (those gc_ variables I keep talking about). The limiting reactor in this equation was your cookie expiration time, but now with the long cookie expiration time, your limiting reactor should be your session data expiration time. Don't access your site (not just your boards) for say 2 weeks and we'll see.

Doug
<A HREF="http://www.netherworldrpg.net" target="_new">http://www.netherworldrpg.net</A>

There's no way I can go two weeks without visiting my site! But, it's simple enough to delete everything in my sessions directory. Ok, you're at least partially right, since I had to relogin. But, setting a longer expiration for the cookie still has the desired effect (i.e. I don't have to relogin all the time).

So, if you want to use sessions, but want don't want to have your users login for each visit, just set the cookie lifetime up a bit. As long as the users visit the forum once every couple of days it shouldn't log them out right? And if they don't visit that much, they'll just have to put up with relogging in won't they? <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

I think the BEST thing would be if W3T set a standard cookie and used that to authenticate first. If it recognizes the user, then it automatically starts a session for them. If not, then they're required to login. So, initial login via cookie, subsequent authentication via sessions. Is that possible?

Yes you're right in that aspect, I agreed with you on that a while ago.
As far as that login method you speak of, sure it's possible just going to take a lot of messing with the HTTP Header... I think PHP4 fills the header in reverse... or was that PHP3? I forget now. But that would definately make a difference.

Doug

<a href="http://www.netherworldrpg.net" target="_new">http://www.netherworldrpg.net</a>