[thelist] Re: Sessions. When do they End?

adams.craigv hup at telusplanet.net
Sun Mar 4 16:47:40 CST 2001 

Hey, thanks for the responses. I totally forgot about the timing out of
session variables. (Duh.)

>From: "lon.kraemer" <lonnie at lkraemer.com>
>What's your purpose for this need?

Oh.. I was trying to design the perfect counter according to my definition
of a "Visit". My definition is like this:
User hits the site and:
1) refreshes, or traverses the site, like a  maniac: one visit
2) closes the browser, then returns: 2 visits
3) goes to yahoo, and returns: 2 visits
4) sits there for an hour then reloads: 2 visits (although maybe they're
baked and enjoying the tracers scrolling my pages up and down? shrug. :))

I think I'll set the timeout to 40 min and consider 5) to be satisfied as
"close enough". But 3) is bugging me.

>From: "Surojit Niyogi" <saniyogi at mail.utexas.edu>
>I'm thinking about what you want to do (kill session variable when they
>leave domain) and i don't think that's possible.  When i build sites around
>session variables, a user can go visit yahoo and then come back into their
>own session.  Another testament to this is Yahoo Mail.  In Yahoo Mail, only
>closing the browser will terminate your session.

I think you're right if:
In the connectionless state of http, the webserver can only tell if a
client is no longer receptive if the browsers' communication port is no
longer accessable. And this port isn't closed until the browser is closed.
So as long as the browser's still open, its port is still receptive.

(I think this is true evidenced by: Sometimes when I close my browser my
firewall will throwup an Intruder Alert! I'll check it out and find its the
webserver's IP I had last visited. I assume it didn't receive a proper
message on browser-close and its checking the remote port's status.)

If that's true: that's rather ... uh, generic. Pity. I suppose threading
isn't well supported in browser/webserver technologies just yet?

I'll have to investigate this further (with a php script that watches the
$REMOTE_PORT).

>What I'm interested in is finding out a way to make it so that the session
>variable ONLY times out when the user closes their browser. I'm not sure how
>this is done.  I usually equip my scripts with some type of session-checking

It seems php4's ini defaults this timeout to '0' ("only die when the
browser is closed"). Odd.. but anyway.. not sure if ASP or CF have a
feature like this.

*** ASIDE: Does anyone have a clue if IE or Netscape has any plans to
support MDI in their browser technologies? I find it odd that MS
(especially) hasn't done so. All their other major products, and most major
products by other retailers for that matter, support MDI in their
applications. Why is only Opera doing it?? In this instance, IE and
Netscape are to browser technology what notepad (SDI) is to ascii editors.
What's up with that?? 3+ Browsers in my taskbar seems a little excessive
and sloppy.

Anyhow, thanks all for the inspiration (and info). :)

-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-
             My webpage in flux: http://hup.ca/
-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-\-/-

More information about the thelist mailing list