Closed alohec closed 1 year ago
For example, if you have rolling_timeout set to 3600 seconds (1 hour). The cookie will function for 1 hour. Session:refresh takes care of either calling touch (manipulates just cookie, not the possible server side data or its expiry) or save (creates new row in db and sends s new cookie and expires the old one within 10 secs by default). Calling session.start will also take care of it. And any call to save will also set a new cookie with another rolling_timeout of expiry.
So yes, you got it basically right.
Rolling can limited with absolute_timeout. And time between requests can be limited with idling_timeout (the touching affects only the idling time).
session.start = open + refresh session:refresh = touch or save touch = just updates cookies idling offset save = creates new session with fresh timeouts (the original creation time is carried over if there was already existing session), and possible existing session is set to expire and new cookie will be set.
@alohec, let me know if you have further questions.
The description of the
rolling_timeout
param contains the following:What exactly is meant by "renewed" in this context? Does it simply mean that
session:refresh
is called?