Jump to content


Photo

Making a session expire problem... *SOLVED*


  • Please log in to reply
13 replies to this topic

#1 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 08:06 PM

I am trying to make it so that if a user on my site is not active for 30 minutes, it will automatically log them out.
I tried using session.gc_maxlifetime. So either it doesn't work, or I am not using it correcty.

If somone could show me how to use it, or what I could use instead, please let me know. Also, it would be helpful if you could just add it to this code, because I don't know where to put it.

session_start();
$sid=$_SESSION['playerid'];

Thanks XD


#2 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 08:26 PM

Well, there are a couple of ways to do this. I'm going to suggest the easiest way first, however, it is up to you how you use it.

Your idea of using 'session.gc_maxlifetime' is correct, however, how are you setting it? Here's how it should be done. At the top of your script(s) file, enter the following line:
ini_set('session.gc_maxlifetime', '1800');

ini_set lets the PHP script know that we're setting a variable to override the default variable as set in your hosts' php.ini file. 'session.gc_maxlifetime' is the name of the variable you're overriding, in this case it's the time of which a session should last. The '1800' is the time (in seconds) in which the session should last.


An alternative way, if the first way does not work, is to set a session called 'last_active' on every page. The value should contain the current time. Then, on each page, you can grab the last_active session and compare it with the current time. If the last_active session is more than thirty minutes, you can destroy the session with session_destroy().

If you're going to use the alternative way, let me know... I'll explain it in more detail.

#3 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:04 PM

Tell me if there is anything wrong with the code now that I added what you told me too.

<?php

include "config.php";

ini_set('session.gc_maxlifetime', '5');

session_start(); // Maintainsessionstate


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a 

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW() 

where playerID='$sid'");

?>


this is just the top part of my header.php script. It is called on every page with an 'include'.

ini_set('session.gc_maxlifetime', '5');
Isn't seeming to effect anything. I set it to '5' just to test it...but it's not working. Any suggestions?

#4 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:06 PM

I'm not sure it would make a difference, but you may want to try putting the ini_set... before the config.php include. Let me know if that does/doesn't work.

#5 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:13 PM

You don't think the '5' will make a difference?

It still won't work, here is the code now:
<?php


ini_set('session.gc_maxlifetime', '5');

include "config.php";

session_start(); // Maintainsessionstate

$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a 

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW() 

where playerID='$sid'");

?>

If the '5' doesn't make a difference, am I just going to have to wait the 1800 seconds to find out if it works?

#6 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:28 PM

Sorry, I meant that I didn't think it would make a difference where the ini_set was, not the five.

Anyway, I looked it up and gc_maxlifetime is not what you're looking for. And after thinking it through, it probably wouldn't work the way you would expect anyway.


Anyway, let's try this.

<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
	//Set the Session
	$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
	print "Your session timed out.";
	exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
	//Update session with current time
	$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a 

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW() 

where playerID='$sid'");

?>

That should, in theory, work. Let me know how it goes.

#7 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:35 PM

That would work great, but there is one problem. I set it to expire in 10 seconds, and it worked. But then I tried to log in again, and it said that my session was expired. So it isn't reseting or something...how do I fix this?

By the way, thank you sooo much for your help XD

#8 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:37 PM

Silly me! I forgot to destroy the session. Here,

<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
	//Set the Session
	$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
	print "Your session timed out.";

	//Destroy the session
	$_SESSION['last_active'] = '';
	exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
	//Update session with current time
	$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a 

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW() 

where playerID='$sid'");

?>


#9 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:41 PM

Hmm...still getting the same problem.

#10 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:47 PM

Hmm, it's probably because I essentially did not 'destroy' the session (because I do not know if you have any other session variables), instead, I just made it 'blank'. And in the first if variable where it sets the last visit, I told it to check if it was set, well.. it was, it was just empty.

Anyway, I've changed it so that it will create a new last_visit session if the session is empty, and it will not give you any time out errors or anything unless the session is not empty.

//No session set (first time user visited)
if(empty($_SESSION['last_active'])){
	//Set the Session
	$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-1800){
	print "Your session timed out.";

	//Destroy the session
	$_SESSION['last_active'] = '';
	exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-1800){
	//Update session with current time
	$_SESSION['last_active'] = time();
}

Replace the old section with the code above.

Let me know if that works.

#11 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:51 PM

The session won't time out now =( Here is the code I have in:

<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!empty($_SESSION['last_active'])){
	//Set the Session
	$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-10){
	print "Your session timed out.";

	//Destroy the session
	$_SESSION['last_active'] = '';
	exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-10){
	//Update session with current time
	$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a 

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW() 

where playerID='$sid'");

?>


#12 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:53 PM

You caught me a couple seconds before I reviewed the post... if you look at my post, I removed the exclamation point from the first empty :)

#13 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 18 August 2006 - 09:55 PM

Haha. It works now! Thank you so much for all your help.

#14 Woolf

Woolf
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts

Posted 18 August 2006 - 09:58 PM

You are most certainly welcome. Please let me know if you need any more help with anything.

P.S. If you wish, you may edit the original post title and place a [solved] (or [resolved].. whatever works for you) in front of it, to signify that your issue has been resolved. Just helps us out a little. :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users