$_SESSION Termination Issues

[dt_gry]

Okay my login script utilizes $_SESSION. I am wondering how I would terminate a session from the servers side, without user interaction (ie. selecting logout)

 

Thanks

[Maq]

session_destroy();

[dt_gry]

but will that destroy everybodys session?

Because I only want to destroy the users who have been logged on for 3 hours or greater.

 

Thanks

[darkfreaks]

you should really use cookies and sessions both to set time and terminate. look into it.

[bogeyman]

Maybe you can use your database. You can add a field named login_time to your users table to store the date and time of user's login time. Everytime users login, update that field with the current date and time. And, everytime users navigate to the other page, compare the current date and time with that login_time field content. If the gap between them is bigger than the defined time, destroy the session.

 

[JasonLewis]

but will that destroy everybodys session?

 

session_destroy() won't destroy everyone's sessions.

[Maq]

Just like when you have a session variable and you assign an ID to it, not everyone has that id...

 

All you have to do is call session_destroy() whenever you want to end that users session.

[justinh]

If i'm not mistaken don't you have to start the session first before destroying?

 

 

<?php 
session_start();
session_destroy();

?>

[Maq]

Okay my login script utilizes $_SESSION.

 

I'm assuming he's already started one.

[PFMaBiSmAd]

And since session_destroy() only deletes the session data file, which will get recreated with any existing $_SESSION variables when the script ends, it is actually pointless to use session_destroy().

 

To automatically log someone out after they have been inactive for a time, you store their last active time (usually in a database table) and then you check for any last active times older then a limit you set. You can either check on each new page request and switch them to logged out at the start of a page request where too much time has gone past from their last active time or you can use a cron job/scheduled task to periodically switch anyone to being logged out who's last active time is older than your limit.

 

Also, a session is just a container. Don't waste a lot of time or lines of code trying to change how sessions work or when they end. Your application should use specific data to determine if and when someone is logged in/logged out.