Hi,
> So when a user logs in you write a user_id and datestamp to a field in
> your sessions table. Every time the person accesses a page you update
> the datestamp in that record. Then you run a function that checks every
> X minutes if the timestamp is older than X minutes and if so you log the
> person out? Is this correct? How exactly do you log them out? By
> issuing a command to clear the session variables saved during login,
> thus causing function on each page that checks for valid login to fail?
Yeah, that's correct. There is a date_idle column in the database. That
gets updated everytime they move to a new page, or refresh the one they are
on. To time them out, I simply set the date_out column = Now(), issue a
session_destroy() and redirect them back to the login page.
-Dan Joseph
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
