1

I'm coding an android app that sometimes uses php scripts and I'm now trying to use some Session IDs in the php scripts that I'm using. So when the user loggs (login/pwd) on the webservice from the application a sessionID is created on the webservice/PHP server.

I was wondering what would happend if the session was expired after a moment on the server and that the android device would try to make a request (since it can't know if the session is still working) ? Can the session actually be destroyed if the android httpclient is still in the android app ?

Improve this question

1 Answer 1

Reset to default
1

Expired session only marked as a candidate for garbage collection.

Garbage collector is invoked with some probability before each request.

So even though session expiration time has come - this doesn't mean the session will be destroyed immediately. And if it is accessed after the expiration time reached, but before it was removed - the the expiration time counter starts from the beginning.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.