session timeout


chramya
January 1st, 2008, 11:52 PM
Hi,

I am new to PHP. I created a login form with a session. I want to set up my code so that if I am idle for some time after login, it destroys the session and goes to the login form once again.

How can I do this? Please let me know with some sample code.

Thanks,

PeejAvery
January 2nd, 2008, 08:46 AM
There are a number of ways to do this. Since you are new, let's look at an easy method.

<?php
// when the user logs in, you need to set this session variable
// this is set for 30 minutes
$y = date('Y');
$m = date('m');
$d = date('d');
$h = date('H');
$i = date('i');
$s = date('s');
$_SESSION['expireTime'] = date('YmdHis', mktime($h, $i + 30, $s, $m, $d, $y));
?>
Now, at the top of every page (below the starting of the session) that you want secure, you need to use the following for redirection and session destroying.

<?php
// get the expire time and compare
$expireTime = $_SESSION['expireTime'];
$currentTime = date('YmdHis');
if($currentTime > $expireTime){
    // now we know that the time is past expiration
    session_destroy();
    header('Location: login.php');
    exit;
}
?>

chramya
January 2nd, 2008, 11:56 PM
Hi,
I updated my code like you said, but I am getting an "undefined index:expire time" error.

This is my code. Is this right, or do I have to make any corrections?


<?php

session_start();
// get the expire time and compare
$expireTime = $_SESSION['expireTime'];
$currentTime = date('YmdHis');
if($currentTime > $expireTime){
// now we know that the time is past expiration
session_destroy();
header('Location: main.php');
exit;
}


$conn=odbc_connect('validate','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}

$email=$_POST['email'];

$mypassword=$_POST['mypassword'];


$sql="SELECT * FROM user1 WHERE email='$email' and password='$mypassword' ";

$rs=odbc_exec($conn,$sql);
$count=odbc_num_rows($rs);
if($count==1)
{
session_register("email");
session_register("mypassword");
echo "Login success";
}
else
{
header("location:main.php");
}
odbc_close($conn);
?>
<?php
$y = date('Y');
$m = date('m');
$d = date('d');
$h = date('H');
$i = date('i');
$s = date('s');
$_SESSION['expireTime'] = date('YmdHis', mktime($h, $i + 30, $s, $m, $d, $y));
?>

Thanks,

PeejAvery
January 3rd, 2008, 12:12 AM
It is giving you that error because the variable has not yet been set. You can do a couple of things. The easiest way is to just put a @ in front of the variable.

$expireTime = @$_SESSION['expireTime'];

Second, you want to call the first bit of code I provided ONLY at the login.

if($count==1)
{
session_register("email");
session_register("mypassword");
echo "Login success";

$y = date('Y');
$m = date('m');
$d = date('d');
$h = date('H');
$i = date('i');
$s = date('s');
$_SESSION['expireTime'] = date('YmdHis', mktime($h, $i + 30, $s, $m, $d, $y));
}

chramya
January 3rd, 2008, 01:12 AM
Hi,

I did as you said, but it doesn't go past the destroy part. After login it simply redirects to the login page once again. What should I do to get a clear result?

Thanks,

PeejAvery
January 3rd, 2008, 01:27 AM
Don't use session_register. Use $_SESSION['variablename'].

I will have to look more tomorrow morning. I need sleep.

PeejAvery
January 3rd, 2008, 07:40 AM
Okay, here is a revised version of your code. Please remember to use code or PHP tags (http://www.codeguru.com/forum/misc.php?do=bbcode) when posting. I would also suggest indenting your code for organization purposes.

I fixed the $expireTime variable with ternary logic, setting it accordingly so that the session won't be destroyed constantly. I also put an isset() statement so that the authentication only happens when it is finding a POST variable.

<?php
session_start();
// get the expire time and compare
$currentTime = date('YmdHis');
$expireTime = (isset($_SESSION['expireTime'])) ? $_SESSION['expireTime'] : $currentTime;
if($currentTime > $expireTime){
    // now we know that the time is past expiration
    session_destroy();
    header('Location: main.php');
    exit;
}

if(isset($_POST['email'])){
    $conn = odbc_connect('validate', '', '');
    if(!$conn){exit('Connection Failed: ' . $conn);}

    $email = $_POST['email'];
    $mypassword = $_POST['mypassword'];

    // placeholders keep the posted values out of the SQL text (no SQL injection)
    $sql = "SELECT * FROM user1 WHERE email = ? and password = ?";

    $rs = odbc_prepare($conn, $sql);
    // bind the posted values as parameters; count stays 0 if prepare/execute fails
    $count = ($rs && odbc_execute($rs, array($email, $mypassword))) ? odbc_num_rows($rs) : 0;
    if($count==1){
        // login succeeded: session expires 30 minutes from now
        $y = date('Y');
        $m = date('m');
        $d = date('d');
        $h = date('H');
        $i = date('i');
        $s = date('s');
        $_SESSION['expireTime'] = date('YmdHis', mktime($h, $i + 30, $s, $m, $d, $y));

        $_SESSION['email'] = $email;
        $_SESSION['mypassword'] = $mypassword;
        echo 'Login success';
    }
    else{
        header('Location: main.php');
    }
    odbc_close($conn);
}
?>
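
The expiry in the code above is fixed at 30 minutes after login, so it does not move while the user is active. An idle timeout that slides with each request follows, as an added example that is not part of the original thread; the file name, the function names, the `loginTime`/`lastActivity` session keys and the 8-hour absolute cap are assumptions.

```php
<?php
// session_guard.php (hypothetical name): include at the top of every protected page.
const IDLE_LIMIT = 1800;      // 30 minutes without a request, as in the thread
const ABSOLUTE_LIMIT = 28800; // assumed cap on total session age (8 hours)

// True when the session has no login markers or has outlived either limit.
function session_expired(array $session, int $now): bool
{
    if (!isset($session['loginTime'], $session['lastActivity'])) {
        return true;
    }
    return ($now - $session['lastActivity']) > IDLE_LIMIT
        || ($now - $session['loginTime']) > ABSOLUTE_LIMIT;
}

// Call once, right after the credentials have been verified.
function mark_logged_in(string $email, int $now): void
{
    session_regenerate_id(true);      // fresh session ID at login
    $_SESSION['email'] = $email;      // keep the identity, never the password
    $_SESSION['loginTime'] = $now;
    $_SESSION['lastActivity'] = $now;
}

// Clear the server-side data and expire the browser's session cookie.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Gate for protected pages: redirect when expired, otherwise slide the idle window.
function require_active_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    $now = time();
    if (session_expired($_SESSION, $now)) {
        end_session();
        header('Location: login.php');
        exit;
    }
    $_SESSION['lastActivity'] = $now;
}
```

Protected pages call `require_active_session()` before any output; the login script calls `mark_logged_in()` once the credentials check out and does not call the gate itself.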

ludakot
January 11th, 2008, 08:22 AM
Just wondering why use all those single char variables for date and time when the date() function is clean enough in my opinion.

$y = date('Y');
$m = date('m');
$d = date('d');
$h = date('H');
$i = date('i');
$s = date('s');
$_SESSION['expireTime'] = date('YmdHis', mktime($h, $i + 30, $s, $m, $d, $y));

Instead use

$_SESSION['expireTime'] = date('YmdHis', mktime(date('H'), date('i') + 30, date('s'), date('m'), date('d'), date('Y')));

Saves somewhat memory for variable allocation and typing effort :) unless I'm missing something.

PeejAvery
January 11th, 2008, 10:00 AM
> Just wondering why use all those single char variables for date and time when the date() function is clean enough in my opinion.
>
> ...
>
> Saves somewhat memory for variable allocation and typing effort :) unless I'm missing something.

Yes, that is true. That is just habit for me. In the web apps that I write, I use those date variables ($y, $m, $d, $h, $i, $s) throughout my code. So instead of setting them multiple times, I just set them at the beginning once and for all.

EDIT: Plus, I would rather have more lines of code with shorter line length. It is easier for reading.

chramya
January 17th, 2008, 11:18 PM
I updated my code as you said. After 5 min of idle time, it gets redirected only if I refresh the page. What do I have to do to make it redirect automatically?

thanks,,

PeejAvery
January 18th, 2008, 08:14 AM
What does it matter if it redirects right away after 5 minutes or when the user tries to see a new page? Honestly, I see that extra step as a waste of time. And it will take you a little while to code.

Either way, the only way to do that is to use AJAX. You will have to use JavaScript to create a timer to send an AJAX request to the server. Then that server-side script will check the refresh times and send back to the client whether or not to refresh. The user can easily disable JavaScript to keep this from happening.
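
The timer-plus-status-request arrangement described in this post, as an added example that is not part of the original thread: one PHP file answers the status request as JSON and, when included in a page, prints the polling script. The file name `session_check.php`, the `check` query parameter, the JSON field names and the `login.php` target are assumptions; it reads the `$_SESSION['expireTime']` value set by the code earlier in the thread.

```php
<?php
// session_check.php (hypothetical name): include it in a protected page to emit
// the timer script; the script then polls this same file with ?check=1.
if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }

// Seconds until the thread's $_SESSION['expireTime'] ('YmdHis'); 0 if unset or past.
function seconds_remaining(array $session, int $now): int
{
    if (!isset($session['expireTime'])) {
        return 0;
    }
    $expires = DateTime::createFromFormat('YmdHis', (string) $session['expireTime']);
    return $expires === false ? 0 : max(0, $expires->getTimestamp() - $now);
}

if (isset($_GET['check'])) {
    // Read-only status call: it never writes to the session, so polling cannot extend it.
    $left = seconds_remaining($_SESSION, time());
    session_write_close();
    header('Content-Type: application/json');
    header('Cache-Control: no-store');
    echo json_encode(['expired' => $left === 0, 'secondsLeft' => $left]);
    exit;
}
?>
<script>
// Convenience redirect only. With JavaScript disabled nothing here runs, and the
// server-side expiry check on the next page request still ends the session.
function pollSession() {
  fetch('session_check.php?check=1', { credentials: 'same-origin', cache: 'no-store' })
    .then(function (r) { return r.json(); })
    .then(function (s) {
      if (s.expired) { window.location.href = 'login.php'; return; }
      // Ask again just after the reported expiry, but at least once a minute.
      setTimeout(pollSession, Math.min(s.secondsLeft + 1, 60) * 1000);
    })
    .catch(function () { setTimeout(pollSession, 60000); });
}
pollSession();
</script>
```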

chramya
January 19th, 2008, 12:37 AM
It redirects when the user refreshes the page, but I want it to redirect automatically if the user doesn't touch that page.

PeejAvery
January 19th, 2008, 01:06 AM
Read my last post.