Jump to content

Archived

This topic is now archived and is closed to further replies.

pocobueno1388

Making a session expire problem... *SOLVED*

Recommended Posts

I am trying to make it so that if a user on my site is not active for 30 minutes, it will automatically log them out.
I tried using [tt]session.gc_maxlifetime[/tt]. So either it doesn't work, or I am not using it correcty.

If somone could show me how to use it, or what I could use instead, please let me know. Also, it would be helpful if you could just add it to this code, because I don't know where to put it.

[code]session_start();
$sid=$_SESSION['playerid'];[/code]

Thanks XD

Share this post


Link to post
Share on other sites
Well, there are a couple of ways to do this. I'm going to suggest the easiest way first, however, it is up to you how you use it.

Your idea of using 'session.gc_maxlifetime' is correct, however, how are you setting it? Here's how it should be done. At the top of your script(s) file, enter the following line:
[i]ini_set('session.gc_maxlifetime', '1800');[/i]

ini_set lets the PHP script know that we're setting a variable to override the default variable as set in your hosts' php.ini file. 'session.gc_maxlifetime' is the name of the variable you're overriding, in this case it's the time of which a session should last. The '1800' is the time (in seconds) in which the session should last.


An alternative way, if the first way does not work, is to set a session called 'last_active' on every page. The value should contain the current time. Then, on each page, you can grab the last_active session and compare it with the current time. If the last_active session is more than thirty minutes, you can destroy the session with session_destroy().

If you're going to use the alternative way, let me know... I'll explain it in more detail.

Share this post


Link to post
Share on other sites
Tell me if there is anything wrong with the code now that I added what you told me too.

[code]
<?php

include "config.php";

ini_set('session.gc_maxlifetime', '5');

session_start(); // Maintainsessionstate


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>

[/code]

this is just the top part of my header.php script. It is called on every page with an 'include'.

[code]
ini_set('session.gc_maxlifetime', '5');[/code] Isn't seeming to effect anything. I set it to '5' just to test it...but it's not working. Any suggestions?

Share this post


Link to post
Share on other sites
I'm not sure it would make a difference, but you may want to try putting the ini_set... before the config.php include. Let me know if that does/doesn't work.

Share this post


Link to post
Share on other sites
You don't think the '5' will make a difference?

It still won't work, here is the code now:
[code]
<?php


ini_set('session.gc_maxlifetime', '5');

include "config.php";

session_start(); // Maintainsessionstate

$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>
[/code]

If the '5' doesn't make a difference, am I just going to have to wait the 1800 seconds to find out if it works?

Share this post


Link to post
Share on other sites
Sorry, I meant that I didn't think it would make a difference where the ini_set was, not the five.

Anyway, I looked it up and gc_maxlifetime is not what you're looking for. And after thinking it through, it probably wouldn't work the way you would expect anyway.


Anyway, let's try this.

[code]<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
print "Your session timed out.";
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>[/code]

That should, in theory, work. Let me know how it goes.

Share this post


Link to post
Share on other sites
That would work great, but there is one problem. I set it to expire in 10 seconds, and it worked. But then I tried to log in again, and it said that my session was expired. So it isn't reseting or something...how do I fix this?

By the way, thank you sooo much for your help XD

Share this post


Link to post
Share on other sites
Silly me! I forgot to destroy the session. Here,

[code]<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!isset($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif($_SESSION['last_active'] < time()-1800){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif($_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>[/code]

Share this post


Link to post
Share on other sites
Hmm, it's probably because I essentially did not 'destroy' the session (because I do not know if you have any other session variables), instead, I just made it 'blank'. And in the first if variable where it sets the last visit, I told it to check if it was set, well.. it was, it was just empty.

Anyway, I've changed it so that it will create a new last_visit session if the session is empty, and it will not give you any time out errors or anything unless the session is not empty.

[code]//No session set (first time user visited)
if(empty($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-1800){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}[/code]

Replace the old section with the code above.

Let me know if that works.

Share this post


Link to post
Share on other sites
The session won't time out now =( Here is the code I have in:

[code]
<?php


include "config.php";

session_start(); // Maintainsessionstate

//No session set (first time user visited)
if(!empty($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-10){
print "Your session timed out.";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-10){
//Update session with current time
$_SESSION['last_active'] = time();
}


$sid=$_SESSION['playerid'];

if(empty($sid)){

print "You must be logged in to view this page. <a

href='index.php'>Login here.</a>";
exit;
}
$ip = "$HTTP_SERVER_VARS[REMOTE_ADDR]";
mysql_query("update players set ip='$ip', last_login=NOW()

where playerID='$sid'");

?>
[/code]

Share this post


Link to post
Share on other sites
You caught me a couple seconds before I reviewed the post... if you look at my post, I removed the exclamation point from the first empty :)

Share this post


Link to post
Share on other sites
You are most certainly welcome. Please let me know if you need any more help with anything.

P.S. If you wish, you may edit the original post title and place a [solved] (or [resolved].. whatever works for you) in front of it, to signify that your issue has been resolved. Just helps us out a little. :)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.