Hello and greetings,
I have an application I am working on and I have a question about
session timeout and its relationship to the cookie that is set when the
member logs into their account. The time out code drops the session and
logs a timestamp in the database to indicate when the user was last
logged in. That's all fine. The expectation is that if the member comes
back after the time out, then they would be required to login again but
the login code does a check for an active cookie and not a session and
allows the user to access the site apparently creating a new session.
I hope this explanation is clear enough for someone to give me some
ideas about how to go about solving this. As far as I can see, the
session timeout code is only looking at a time stamp in the database to
drop the session. How do I get it to reset the cookie at the same time.
I was thinking that add a conditional to test for an active cookie on
the login but that doesn't cover all the bases like if the member just
went to their CP or some other feature directly. Most of the pages only
require an active cookie for authorization.
Any Ideas greatly appreciated.
thanks, mikesz
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
