<div id="AOLMsgPart_2_02cf8309-6747-4e8e-a602-4e7d4d0997f1">
<div id="AOLMsgPart_0_6e6468ca-e5e2-49cc-832e-c75ac2576d85" style="margin: 0px; font-family: Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><pre style="font-size: 9pt;"><tt>On Wed, Jul 23, 2008 at 09:47:57PM +0200, Daniel McBrearty wrote:<br>
<br>
>And what happens if they never hit log out? Or if their browser<br>
<br>
>crashes and then they try and log in again?<br>
<br>
<br>
<br>
>If you really need this feature, try it the other way around: if<br>
<br>
>someone logs in then you invalidate their first session.<br>
<br>
<br>
<br>
I used to work for a company that never deleted sessions - long history, and dumb assumptions about the reasons for <br>
<br>
keeping the records around...<br>
<br>
<br>
<br>
The suggestion mentioned above, deleting the first invalid session, doesn't solve the problem because it assumes EVERYONE will <br>
<br>
log back in.<br>
<br>
<br>
<br>
An expiration date should be set on any session. There are a number of options you can use to extend this <br>
<br>
expiration date, but the question posed is what to do with sessions where someone doesn't logout.<br>
<br>
<br>
<br>
Simple, each night you have a job run that does some database maintenance - simply delete the expired session records.<br>
</tt></pre></div>
</div>
<div id='u8CABB1B631E280B-1168-C5C' class='aol_ad_footer'><FONT style="color: black; font: normal 10pt ARIAL, SAN-SERIF;"><HR style="MARGIN-TOP: 10px">The Famous, the Infamous, the Lame - in your browser. <A title="http://toolbar.aol.com/tmz/download.html?NCID=aolcmp00050000000014" href="http://toolbar.aol.com/tmz/download.html?NCID=aolcmp00050000000014" target="_blank">Get the TMZ Toolbar Now</A>!</FONT> </div>