I am trying to set the session cookie to expire immediately, if the user specifies he is accessing the site from a public computer, and to expire after 100 days otherwise.
I use session_set_cookie_params(), and the session cookie expiration date updates properly, but the session behaves in the following strange way:
After setting the session cookie to expire in 0 days and then closing and reopening my browser and going to my site, I get logged in automatically (meaning the session is still active).
Here is what session_get_cookie_params() returns (which shows the session cookie has a life of 0 days):
session cookie params are Array ( [lifetime] => 0 [path] => / [domain] => [secure] => )
Then if I log out and log into the site again and specify that the cookie should be set to expire at 100 days, I close and re-open the browser and no longer get logged in automatically (suggesting that the session has expired. In this case session_get_cookie_params() returns:
session cookie params are Array ( [lifetime] => 8640000 [path] => / [domain] => [secure] => )
What is the source of this mystery, where an expired session logs me in, and an unexpired one does not?