http://qs321.pair.com?node_id=56959


in reply to Cookie Seesions -again !

Don't set an expire time for the cookie. This will return a cookie that only persists for as long as the user's browser is open.

You may want to consider providing a method for users to logout, which would remove the cookie from the user's browser and delete the session file on the server. To handle stale session files on the server, store the date of last use in each file (alternatively name the session file with this date) and periodically have a program delete session files older than a certain, reasonable date.