Hi, > So when a user logs in you write a user_id and datestamp to a field in > your sessions table. Every time the person accesses a page you update > the datestamp in that record. Then you run a function that checks every > X minutes if the timestamp is older than X minutes and if so you log the > person out? Is this correct? How exactly do you log them out? By > issuing a command to clear the session variables saved during login, > thus causing function on each page that checks for valid login to fail?
Yeah, that's correct. There is a date_idle column in the database. That gets updated everytime they move to a new page, or refresh the one they are on. To time them out, I simply set the date_out column = Now(), issue a session_destroy() and redirect them back to the login page. -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php