What is the maximum size that can be stored in a PHP session?
No it is not a valid code. It will destroy the session at the time of loading the php page.
For destroying session on click you should write
<a href="logout.php" >Logout</a>
You can modify another users session (see below), although personally, I would recommend against it. As I imagine it can open up a whole world of session hijacking and other vulnerabilities.
With your example use case
A common user is logged, while in the same time an administrator uses the Admin functions and change some value for this user. If the value is not something obtained from the database every time, the session variable for that current logged in user need to have its value changed.
You would be better of updating the value in the database and then just checking to see if it's changed before you process the next page. If you don't want to be checking multiple user fields before each page load then when you update the user in the admin panel, you can build a hash of the values and add it to a new column called session_hash. Then just compare this field on page load
But if you still want to modify another user's session, you can set your current
session_id to the targets.
// End my current session and save its id session_start(); $my_session_id = session_id(); session_write_close(); // Modify our target session session_id($target_id); session_start(); $_SESSION['is_logged_in'] = false; session_write_close(); // Start our old session again session_id($my_session_id); session_start();
Example Src: https://gist.github.com/SamJUK/c220e3742487567c6262238edf85695e
You might need to read up on the length of the max concat here.
Command-Line Format --group_concat_max_len=# Option-File Format group_concat_max_len Option Sets Variable Yes, group_concat_max_len Variable Name group_concat_max_len Variable Scope Global, Session Dynamic Variable Yes -- Permitted Values Platform Bit Size 32 Type numeric Default 1024 Range 4 .. 4294967295 -- Permitted Values Platform Bit Size 64 Type numeric Default 1024 Range 4 .. 18446744073709547520
Edit: I find it rather amusing that the string that is returned to you is 1024 in length - which just happens to be the default max length in mysql. Coincedence?
Depends on session.hash_function and session.hash_bits_per_character.
Check out the session_id page for more info.
The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.
When using sha-1 for hashing (by setting ini_set('session.hash_function', 1) the following session string lengths are produced by the three session.hash_bits_per_character settings:
4 - 40 character string
5 - 32 character string
6 - 27 character string
You can store as much data as you like within in sessions. All sessions are stored on the server. The only limits you can reach is the maximum memory a script can consume at one time, which by default is 128MB.
(Similar answers: Ideal PHP Session Size? - some useful comments)