我有这个功能来启动安全会话:
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
当用户离开我的应用或关闭浏览器时,如何将Cookie设置为过期?基本上,每次用户访问我的应用时,他们都需要重新登录。
答案 0 :(得分:6)
0的生命周期(通常是会话cookie的默认值)正是您所描述的。见http://us3.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime