Session Expiration

Hello,

I'm working with Sessions for the first time, and I built a test program using code from the Sessions and User Management example from the FAQ. I'm confused about Session expiration.

I have an OnDataReceived event handler with the code below. When the client (browser) connects for the first time, a session is created and a cookie is sent from the server to the browser. After that, each request from the browser contains the cookie, and the server uses its value as ID in the call to FindSession().

What's confusing me is that even though I have set KeepAlive to 10 seconds, the session never seems to expire. I can prevent the client from sending any requests for 20 or 30 seconds, and still, when the next request arrives, the call to FindSession() returns TRUE.

If I put a breakpoint inside the "else" clause, below, I can see what is the expire time, and if I don't hit run until after that time has passed, the session STILL does not expire. Am I misunderstanding KeepAlive, or missing something simple?

BTW, I saw your recommendation to not use cookies when the client is a browser, and I'll try to understand that next!

Thanks,

Joe

if (DS->FindSession(DS->Request->Cookie->Value["session"])==false) {
// false -> expired or no such session -> create a new one
DS->OpenSession();
DS->Session->KeepAlive = 10; // 10 seconds
DS->Response->Cookie->Value["session"] = DS->Session->ID;
}
else {
// session exists -> save some current values
LastUsed = DS->Session->LastUsed;
ExpireTime = DS->Session->ExpireTime;
FinalExpire = DS->Session->FinalExpire;
KeepAlive = DS->Session->KeepAlive;
}