oh, i forgot to mention, i create new session id on
each login, and pass it on in the url, something like
/page.php?sess=$sess_id
If you want, you could also assign the user's ip with the current session
for a little higher security, i havent bothered as i feel this is safe
enough.
/Martin
> -----Original Message-----
> From: Martin Lindhe
> Sent: Wednesday, September 12, 2001 5:34 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] how to set session expiration
>
>
> > hello everyone,
> >
> > how can i set the expiration of my sessions with or without
> > the cookies enabled? say if a user idles for some time, the
> > session will now expire.
> >
> > TIA!
> > jessie
>
> I'm using a solition that's something like this:
>
>
> first, each time a user logs in to the site, a timestamp is added
> to his user entry in the database.
>
> then, at top of each page view, you call a function like this
>
> $username=getUserName($db_handle,$sess_id); //$sess_id is my
> own created 30
> char-random letter string
> if(!$username) { echo "You're not logged in, die!"; die; }
>
> This function returns the username assigned with the current
> session id,
> and also checks wether last timestamp is older than X
> minutes, if it's not,
> it updates it, if it is, it throws the user out.
>
> Here's the function (60*20 gives user max 20 minutes time of
> idling, then
> he/she must log in again):
> --snip--
> function getUserName($db,$sessionID) {
> $query_idd = mysql_query("SELECT * FROM tblUsers WHERE
> ID='$sessionID'", $db);
> if (mysql_num_rows($query_idd) == 0) {
> return "";
> } else {
> $row = mysql_fetch_array($query_idd);
> $diff = time() - $row["lastlogin"];
> if ($diff > (60*20) ) { echo "Connection timed out<br>";
> die; }
> $newstamp = time();
> $updatestamp = mysql_query("UPDATE tblUsers SET
> lastlogin='$newstamp' WHERE username='".$row["username"]."'", $db);
> return $row["username"];
> }
> }
> --snip--
>
>
> and here's the function i use to create a random id:
> function getRandomID($db,$table) {
> srand((double)microtime()*1000000);
> do {
> $b="";
> for($a=0; $a<30; $a++) {
> $tmp=rand(0,2);
> switch($tmp) {
> case 0: $b.=chr(rand(97,122));
> break; //a-z
> case 1: $b.=chr(rand(65, 90));
> break; //A-Z
> case 2: $b.=chr(rand(48, 57));
> break; //0-9
> }
> }
> } while (mysql_query("SELECT * FROM ".$table." WHERE
> ID='$b'",$db)===TRUE);
> return $b;
> }
>
> hope this helps!
>
> /Martin
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
