Search the Community
Showing results for tags 'password protected files'.
Found 1 result
-
Hello there, Hope that someone will be able to help me with the following: I have a page which is password protected, where clients should only have limited access to, i.e. only for a few weeks. Problem being that after they'd log in once, due to cache saving, they would still have constant access to the protected page thereafter. And also due to cache saving, even if taking the page off the server, people would still be able to access that page from their cache and this for an unlimited time, which is not the intention. Now I heard that by using php and a 'forced session time out command' it would solve this problem. As with that, after a certain amount of time, people would be forced to log in again and couldn't view the page from cache. And if I deleted their access credentials after their allowed access period, they wouldn't be able to access the page at all any longer. But I am new to php, only used it for some forms before. At that time I didn't put any php script on the page with the actual form, but only a short php script on the page, people would land on after filling-in the form. Now I need to use php code on the above mentioned password protected directory, as I like to include a 'forced session time out command' on the page. For the password protection I use .htaccess. But regarding the php code, I don't get it to work. This time I only have one single page, that I need people to log in for & so I tried several codes' placements: Tried to have the php code in the password protected file itself, -but despite of asking me to log in, it didn't display the page correctly, as it showed bits of the php code on the page. Tried to create a separate logoutpage.php page with only the php code in it, -but again, that didn't work either, as same result as above. I had placed the php code within the body section. The php code I have for the forced session time out is the following: <?php ; session_start(); // set timeout period in seconds $inactive = 600; // check to see if $_SESSION['timeout'] is set if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { session_destroy(); header("Location: logoutpage.php"); } } $_SESSION['timeout'] = time(); ?> My question: +++++++With not having a form but a password protected file only, where exactly would I place the above (hopefully correct?) php code? And would this solve my problem regarding the 'saved cache' issue? Many thanks for your help.