[SOLVED] End Session!

[budimir]

Hey guys,

 

I need help with ending sessions.

 

1.) I wan't to end session when a user closes his web explorer

2.) I wan't to end sesion after some time of users inactivity

 

Can you help me out with this.

 

I have managed to do a logout.php which is called when users pushes a button. But I need to do it automaticlly when one of this two cases happens.

 

Help!!!!

[DeanWhitehouse]

first off, when they close the browser the session is ended, and the session is automatically ended after 30mins i think, without it being started again , there may be a way to change this in the php ini file.

[ratcateme]

when a user exits there browser there php session cookie should automatically be deleted. as for a period of inactivity you could add smoe lines like this to the tops of all your pages

<?php
$inactivity = 3600; //1 hr = 60 mins = 3600 seconds
$time = time();
if(($time-$_SESSION['last_active'])>$inactivity){
    //log user out
}else{
    $_SESSION['last_active'] = $time;
}
?>

 

Scott.

[JasonLewis]

Number 1 happens automatically. When all the browser windows are closed the sessions are destroyed as well.

 

Number 2...

I'll walk you through it, then if you need further help just say so.

Firstly you'll need a database, you've probably already got one. Then you'd need a column in the user database called "timeout" or something similar.

Then when they login you would set timeout to the current time() + however many minutes you want to sign people out. Then everytime the user reloads the page or goes to a new page you would CHECK to see if the "timeout" field is less than the current time(). If it is, sign them out and destroy sessions. If it's not less than, update the "timeout" field to the new time() + however many minutes.

 

Hope that makes sense. If you wont some example code just say so. But at least try to turn what I've written into something.

 

Good luck.

 

Edit: Or you can use sessions instead of a DB like Scott.

[budimir]

OK, I see what you're saying.

 

I'm putting in DB the session_id which I'm calling for some things to identify the user and the session. And now I need that is automaticlly set to 0 when loged out (for both cases). That is the problem.

 

I can even restart the computer, and the user will still be logged in.

 

Here is a peace of code for the logout I'm executing:

 

<?php
include ("admin/servis/include/session.php");
session_destroy();



$upit = "UPDATE korisnici SET session_id = '0', aktivan = 'OFF' WHERE korisnicko_ime='$korisnicko_ime' and lozinka='$lozinka'";
$rezultat = mysql_query($upit,$veza) or die (mysql_error());

header("Location:index.php");

?>

 

Any ideas???

[ratcateme]

im not to sure about your code but if you restart your pc the internet browser is closed and the session is destroyed.

 

Scott,

[DeanWhitehouse]

try adding session_unset();

aswell

[JasonLewis]

The sessions SHOULD be destroyed as all the windows have been closed, that is, the process stopped.

[PFMaBiSmAd]

A session is just a "container" that holds data between page visits or refreshes of a single page. Don't rely on any thing external to your code to control if a visitor is logged in or logged out (doing things like a setcookie() to delete the session cookie is a waste of processing time and a waste of bandwidth) and don't rely on how sessions operate (session cookie being dropped by the browser or session garbage collection running) to log someone out. Only rely on a specific piece of data on your server to control and determine if someone is logged in or logged out.

 

This is what budimir is attempting to do with the UPDATE query. As long as the query is being executed and updates the correct row and the rest of the code on the site is checking and making use of that data, this should work.

 

budimir, have you looked in the database to see if the session_id column in the correct row has been set to '0'? If the WHERE clause is not TRUE, the query will execute but won't match any rows and nothing will be updated. Are $korisnicko_ime and $lozinka being set correctly? Have you echoed $upit to make sure it contains what you expect?

 

If the column in the database is being updated, than that would mean that the rest of the code on your site is either re-logging them in, due to a logic error, or it is not properly checking the session_id column in the database.

[budimir]

Hey PFMaBiSmAd,

 

I have checked the variables $korisnicko_ime and $lozinka and they are being set correctly. Also I have echoed all of the querys to make sure that all the variables have the correct values. In the DB session_id is always stored in the correct field.

 

But still, when I shut down the web explorer or after sometime, the data in DB isn't set to 0.

 

I still can't see what's wrong. When I hit logout.php the session is destroyed and the in DB is set to 0.

 

????

 

What could be wrong here.

 

check_login.php

 

<?php
session_start();

$start=time();
$_SESSION['time_start'] = $start;

include ("admin/servis/include/db.php");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

$sql="SELECT * FROM korisnici WHERE korisnicko_ime='$myusername' and lozinka='$mypassword'";
$result=mysql_query($sql) or die (mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"

$upd = "UPDATE korisnici SET session_id='".session_id()."', aktivan = 'ON' WHERE korisnicko_ime='$myusername' and lozinka='$mypassword'";
mysql_query($upd) or die (mysql_error());

header("location:index_glavni.php");
exit;
}
else {
echo "Upisali ste krivo Korisničko ime ili Lozinku!";
}

?>

 

login_success.php

 

<? 
session_start();
include ("admin/servis/include/session.php");

$session_id = session_id();

$upit = "UPDATE korisnici SET session_id = '$session_id', aktivan = '0' WHERE korisnicko_ime='$korisnicko_ime' and lozinka='$lozinka'";
$rezultat = mysql_query($upit,$veza) or die (mysql_error());

if(!session_is_registered(myusername)){
header("Location:logout.php");
} else {
header("Location:index_glavni.php");
}
?>

 

logoutd.php

 

<?php
include ("admin/servis/include/session.php");
session_destroy();



$upit = "UPDATE korisnici SET session_id = '0', aktivan = 'OFF' WHERE korisnicko_ime='$korisnicko_ime' and lozinka='$lozinka'";
$rezultat = mysql_query($upit,$veza) or die (mysql_error());

header("Location:index.php");

?>

 

session.php

 

<?php
session_start();
$session_id = session_id();

include("db.php");

$upit = "SELECT * FROM korisnici WHERE session_id = '$session_id' && aktivan = 'ON'";
$rezultat = mysql_query($upit,$veza) or die (mysql_error());
$row = mysql_fetch_array($rezultat);
$user_id = $row["id"];
$ime = $row["ime"];
$korisnicko_ime = $row["korisnicko_ime"];
$prezime = $row["prezime"];
$userData["status"] = $row["status"];
$lozinka = $row["lozinka"];
$status = $row["status"];
$aktivan = $row["aktivan"];

if (!$user_id){
header("Location:../../logout.php");
}

     $_SESSION['session_time'] = time(); //got the login time for user in second
     $session_logout = 2000; //it means 15 minutes.
     //and then cek the time session
     if($session_logout >= $_SESSION['session_time']){
        //user session time is up
       // update status
   $upit = "UPDATE korisnici SET session_id = '0', aktivan = 'OFF' WHERE korisnicko_ime='$korisnicko_ime' and lozinka='$lozinka'";
   $rezultat = mysql_query($upit,$veza) or die (mysql_error());
   //destroy the session
      session_destroy();
     //redirect to login page
     header("Location:../../../index.php");
    }
?>

[PFMaBiSmAd]

Start by putting an exit; statement immediately after every header("location: ....) redirect. Your code is continuing to execute after you send the header to the browser and I believe (since we don't have access to your system or your database, nor have you posted all of your code, it would be hard for us to test your code) this could be setting the session_id in the database.

 

Also, don't use session_is_registered() (which I see in your code)  or session_register() (which I don't see in your code.) These only work when register_globals are on and they have both been completely removed in php6. You are also not supposed to mix using the $_SESSION array with session_is_registered()/session_register().

[budimir]

OK,

 

I have put exit; after every header redirect. Also I have removed session_is_registered() - this is a peace of code I forgot to remove after I did a clean up of session_register().

 

But still nothing is happening when the browser is shut down or there is a user inactivity.

 

Is there any other way to do this than the way I'm doing it.

 

??

[budimir]

Hey guys,

 

I still haven't solved this problem, can someone help!

 

Can't see what's wrong!

[budimir]

Here is my check_login.php

 

<?php
session_start();

include ("admin/servis/include/db.php");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

$sql="SELECT * FROM korisnici WHERE korisnicko_ime='$myusername' and lozinka='$mypassword'";
$result=mysql_query($sql) or die (mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$upd = "UPDATE korisnici SET session_id='".session_id()."', aktivan = 'ON' WHERE korisnicko_ime='$myusername' and lozinka='$mypassword'";
mysql_query($upd) or die (mysql_error());

header("location:index_glavni.php");
exit;
}
else {
echo "Upisali ste krivo Korisničko ime ili Lozinku!";
}

?>

 

And here is my session.php

 

<?php
session_start();
$session_id = session_id();

include("db.php");

$upit = "SELECT * FROM korisnici WHERE session_id = '$session_id' && aktivan = 'ON'";
$rezultat = mysql_query($upit,$veza) or die (mysql_error());
$row = mysql_fetch_array($rezultat);
$user_id = $row["id"];
$ime = $row["ime"];
$korisnicko_ime = $row["korisnicko_ime"];
$prezime = $row["prezime"];
$userData["status"] = $row["status"];
$lozinka = $row["lozinka"];
$status = $row["status"];
$aktivan = $row["aktivan"];
$sesija_id = $row["session_id"];

if (!$user_id){
header("Location:../../logoutd.php");
exit;
}

$_SESSION['session_time'] = time(); //got the login time for user in second
$session_logout = 90; //it means 15 minutes.
//and then cek the time session
if($session_logout >= $_SESSION['session_time']){
       //user session time is up
       // update status
   $upit = "UPDATE korisnici SET session_id = '0', aktivan = 'OFF' WHERE korisnicko_ime='$korisnicko_ime' and lozinka='$lozinka'";
   $rezultat = mysql_query($upit,$veza) or die (mysql_error());
       //destroy the session
       session_destroy();
//redirect to login page
header("Location:../../../index.php");
exit;
}
?>

 

Why is not loging out, when I close my browser????

[DeanWhitehouse]

can you please stop bumping the thread. And when you run the browser again, are you restoring the page .

e.g. firefox says restore previus session, and this sets all the sessions as they where when it was closed.

[budimir]

can you please stop bumping the thread. And when you run the browser again, are you restoring the page .

e.g. firefox says restore previus session, and this sets all the sessions as they where when it was closed.

 

No, I'm not doing that! I start clean FireFox and session is still in. Same thing happens with the IE7.

[DeanWhitehouse]

ok, have you cleared the cache, and all the cookies/sessions saved in it?

[budimir]

Yes, I have even restarted my computer to be sure!

[DeanWhitehouse]

restarting the computer doesnt delete cookies.

[budimir]

I've done that too.

[DeanWhitehouse]

solved ?

[budimir]

Yes, in a little bit diferent way than I wanted.

 

I'm loging out everyone after 3 hours.

 

Still nothing hapening when I close web browser.

 

Can't figure out why.