Page 329 - Beginning PHP 5.3

Chapter 10: Preserving State With Query Strings

Directive                 Description

session.cookie_lifetime   How long the session cookie should last for (in seconds). The
                          default is zero, which expires the cookie when the browser is quit.
                          Set it to a long value (for example, 1 year) to make a semi-
                          permanent session for storing data such as user preferences.
                          Alternatively, to increase security for sessions such as login
                          sessions, set it to a short value, such as 20 minutes. That way,
                          the session will time out if the user waits more than 20 minutes
                          between page requests.

session.cookie_path       The path field for the session cookie. Defaults to “/” (the entire
                          site). Set this to a subdirectory of your Web site if you want to
                          limit the session to scripts inside that folder.

session.cookie_domain     The domain field for the session cookie. Defaults to “” (the
                          current server). Change this if you want the session to be
                          available to more than one host in the same domain.

session.cookie_httponly   The HttpOnly field for the session cookie. Defaults to false.
                          Change this to true if you want to prevent JavaScript from
                          accessing the session cookie.

session.auto_start        Defaults to false. Change it to true, and PHP automatically
                          starts a session the moment your script starts executing, saving
                          you from calling session_start(). Be careful though; if set to
                          true you cannot store objects in sessions (because your classes
                          won’t be defined at the time the session data is loaded).




You can either alter these directives directly in your php.ini file, if you have access to it (see Appendix
B for details), or you can set them on a per-script basis using the ini_set() PHP function:

    ini_set( "session.cookie_lifetime", 1200 );  // Set session timeout to 20 minutes

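The per-script settings from the table above, applied to a login session together with a server-side idle check. This is an added example, not code from the book; the /members/ path and the last_seen session key are assumptions.

```php
<?php
// Added example, not from the book. The /members/ path and the
// 'last_seen' session key are assumptions made for illustration.

define('IDLE_LIMIT', 1200); // 20 minutes, the same value as on this page

// session.auto_start = true means the session already exists here, so the
// ini_set() calls below would come too late (session_status() needs PHP 5.4+).
if (session_status() === PHP_SESSION_ACTIVE) {
    exit('Turn off session.auto_start to set cookie directives per script.');
}

// Per-script settings; they must be made before session_start().
ini_set('session.cookie_lifetime', (string) IDLE_LIMIT);
ini_set('session.cookie_path', '/members/');   // limit to one folder
ini_set('session.cookie_httponly', '1');       // hide the cookie from JavaScript

session_start();

// The cookie lifetime is enforced by the browser, so the server keeps its
// own record of the last request and ends sessions that have sat idle.
$now = time();
if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
    $_SESSION = array();
    session_destroy();
    session_start();
    session_regenerate_id(true); // do not reuse the expired session's ID
}
$_SESSION['last_seen'] = $now;

// Read the settings back to confirm what the cookie will carry.
$params = session_get_cookie_params();
printf(
    "lifetime=%d path=%s httponly=%s\n",
    $params['lifetime'],
    $params['path'],
    $params['httponly'] ? 'true' : 'false'
);
```
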
As well as altering session behavior, you can even write your own custom code to store the session data
on the server. For example, instead of letting PHP store the data in temporary files, you might prefer to
store it in a database. How to do this is out of the scope of this book, but you can find out more by
reading http://www.php.net/manual/en/function.session-set-save-handler.php.














