Sulman Posted February 8, 2010

Hey all,

I'm looking to extend the session timeout in the ini file to about 12 hours. Will setting the session this long have any impact on server performance etc?

Thanks

trq Posted February 8, 2010

12 hours? Use cookies. Sessions are not persistent storage.

Sulman Posted February 8, 2010

Thanks, I was thinking about cookies but this is a "logged in" flag so I didn't want people to be able to hack it. Will setting 12 hours cause any problems?

corbin Posted February 9, 2010

Session IDs are typically stored in cookies, and browsers typically delete those cookies when closed. As such, you will have to store it in cookies unless you plan on having a user leave his browser open 12 hours.

Just remember with cookies, never trust the user data.

Instead of having something like:

    username=corbin
    loggedin=1

In the cookies, have something like

    username=corbin
    password=md5 hash of password (or sha1 or whatever)

That way you can actually validate something and not just blindly trust the cookie.

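An added example, not code from any poster in this thread: one way to issue a login cookie the server can validate instead of trusting a bare `loggedin=1`. It swaps in an HMAC over the username and an expiry time, keyed with a server-side secret, in place of the password hash mentioned above; `SECRET_KEY`, `LIFETIME`, `issue_login_cookie()` and `verify_login_cookie()` are assumed names and the key is a constructed placeholder.

```php
<?php
// Added example. SECRET_KEY, LIFETIME and both function names are
// hypothetical; the key below is a constructed placeholder.
const SECRET_KEY = 'replace-with-a-random-key-kept-on-the-server';
const LIFETIME   = 12 * 60 * 60; // 12 hours, the period asked about in the thread

// Build "username|expiry|mac". The MAC covers username and expiry, so
// editing either one in the browser invalidates the cookie.
function issue_login_cookie(string $username, int $now): string
{
    $payload = rawurlencode($username) . '|' . ($now + LIFETIME);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username if the cookie is authentic and unexpired, else null.
function verify_login_cookie(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null; // malformed, e.g. a hand-written "loggedin=1" value
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // payload or MAC was altered
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null; // authentic but past its lifetime
    }
    return rawurldecode($user);
}

// Constructed sample run with a fixed timestamp.
$now    = 1265673600;
$cookie = issue_login_cookie('corbin', $now);

// Case 1: untouched cookie, one hour after issue.
var_dump(verify_login_cookie($cookie, $now + 3600));
// Case 2: same cookie, one second past the 12-hour lifetime.
var_dump(verify_login_cookie($cookie, $now + LIFETIME + 1));
// Case 3: username edited client-side, MAC left as issued.
var_dump(verify_login_cookie(str_replace('corbin', 'admin', $cookie), $now + 3600));
// Case 4: the blindly trusted form from the post above.
var_dump(verify_login_cookie('corbin|loggedin=1', $now));
```

In an application the issued value would be sent with `setcookie()` using its `secure` and `httponly` options, and the key would be loaded from configuration rather than kept in source.
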
Sulman Posted February 9, 2010

Thanks for all your replies, I've increased the session timeout with no performance hit so far and will take your suggestions on board and look at implementing a cookie-based secure solution.

Thanks all.