At 10:26 AM -0400 9/14/10, Floyd Resler wrote:
We just got a client whose requirement is that user sessions expire after 30 minutes of inactivity. Our other clients are happy with not having their sessions expire during the work day (i.e. life is 8 hours). I am using a MySQL database to store the session data. My thought is to adjust the session expiration in the table based on the client currently logged in. Is this a good approach or would there be better ways to do it? And just to clarify: all clients use the same Web site.

Thanks!
Floyd

Floyd:

I don't know how others solve this, but my solution is pretty straightforward (see code below).

I require this code for every script that is in the secured area. Simply put, if the user runs a script, then this script is also run.

As a result, if the user is not logged in they are directed to the login script. If the user is logged in, but has exceeded the expiration time due to inactivity, then the user is redirected to the same login script with a GET value to trigger the login script to report that they timed out due to inactivity.

I find it bad practice to tell a user that they are not logged in when they did log in. It's better to explain why they have to log on again.

Now, with respect to your storing the expiration time in the database, that could be done easily enough by this script accessing the database, getting, and setting the time-limit -- OR -- at the start of any logon have the script pull the time-limit from the database and store that value in a SESSION. Either way would work.

In any event, this is what I do.

Cheers,

tedd

========== code

<?php

$redirect = 'http://yourdomain.com/admin/logon.php';

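// standard security

// make sure the session is started before $_SESSION is read
if (session_status() === PHP_SESSION_NONE)
   {
   session_start();
   }

$secure = isset($_SESSION['security']) ? $_SESSION['security'] : 0;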

if ($secure == 0) // if admin is not logged in -- then redirect to the admin logon
   {
   header("location:$redirect");
   exit();
   }

// timed security

$_SESSION['start'] = isset($_SESSION['start']) ? $_SESSION['start'] : 0;

$timelimit = 15 * 60; // 15 minutes
$now = time();

if($now > $_SESSION['start'] + $timelimit)
   {
   logOff();
   $t = '?t=1';
   header("location:$redirect$t");
   exit();
   }

$_SESSION['start'] = time();

// properly logged on pass here

?>


<?php //============  log off  function =============
// to destroy the current session

function logOff()
   {
   $_SESSION = array();

   if(isset($_COOKIE[session_name()]))
      {
      setcookie(session_name(), '', time()-86400, '/');
      }
   session_destroy();
   }

--
-------
http://sperling.com/
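
The per-client variant described in the reply above (pull the time limit at logon and keep it in the session), as an added example that is not part of the original message. The client names, the CLIENT_LIMITS map standing in for the MySQL lookup, and the function names are assumptions.

```php
<?php
// Added example, not tedd's code. Hypothetical names: CLIENT_LIMITS,
// DEFAULT_LIMIT, timeLimitFor(), startLogin(), checkActivity().

// Constructed sample data standing in for a per-client column in MySQL.
const CLIENT_LIMITS = ['acme' => 30 * 60, 'globex' => 8 * 3600];
const DEFAULT_LIMIT = 30 * 60; // unknown client: fall back to the strictest limit

function timeLimitFor(string $client): int
{
    return CLIENT_LIMITS[$client] ?? DEFAULT_LIMIT;
}

// Call once at logon: cache the client's limit and start the inactivity clock.
function startLogin(array &$session, string $client, int $now): void
{
    $session['security']  = 1;
    $session['timelimit'] = timeLimitFor($client);
    $session['start']     = $now;
}

// Call on every secured request. Returns 'ok', 'login' or 'timeout'.
function checkActivity(array &$session, int $now): string
{
    if (empty($session['security'])) {
        return 'login';                 // never logged in
    }
    // A logged-in session missing either value is treated as expired.
    $limit = $session['timelimit'] ?? 0;
    $start = $session['start'] ?? 0;
    if ($limit <= 0 || $now > $start + $limit) {
        $session = [];                  // drop all state, as logOff() does
        return 'timeout';               // caller redirects with ?t=1
    }
    $session['start'] = $now;           // activity resets the clock
    return 'ok';
}

// Constructed walk-through: two clients, fixed clock, both idle for 31 minutes.
$a = []; $g = [];
$t0 = 1000000;
startLogin($a, 'acme', $t0);
startLogin($g, 'globex', $t0);
echo checkActivity($a, $t0 + 31 * 60), "\n"; // 30-minute client
echo checkActivity($g, $t0 + 31 * 60), "\n"; // 8-hour client
echo checkActivity($a, $t0 + 32 * 60), "\n"; // same client, after its session was cleared
```

In a real script, pass $_SESSION and time() as the arguments and redirect to the logon page when the result is 'login' or 'timeout'.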
