Session Time out

Fuzzy Logic · November 28, 2009

Hey,

What i am trying to achive is, when a user has been incative for a certein time (For arguements sake 10 minutes) it auto logs them out.

I have already played around with some code, but it always seems to log out right away.

Within index.php i have a simple login script with config.php included into it.

config.php is included into every single page, as it is my main function file and also has my databse connection within it.

Within config.php i start the users session with

session_start()

.

Also within config.php is code to inmput into the suer databse table their current time active.

So my problem and therefore question is, how can i make it so no mater what page they are on (passed index.php) they can not be inactive for more than 10 mintes.

Any help would be great, I have the feeling I am overthinking it, and the problem is dead easy =)

-Fuzzy.

Daniel0 · November 28, 2009

Just make the lifetime 10 minutes (well, 600 seconds) using session_set_cookie_params.

dragon_sa · November 28, 2009

in you config page put a current time stamp and add 10 minutes to it, add this into a session variable, then everytime the page gets loaded you can then use config to check the time stamp variable, if it is within 10 minutes reset it to the new time stamp plu 10 mins if it is past 10 mins then kill the session variables and redirect to login page.

phant0m · November 28, 2009

also, have a look at this:

http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

Fuzzy Logic · November 28, 2009

in you config page put a current time stamp and add 10 minutes to it, add this into a session variable, then everytime the page gets loaded you can then use config to check the time stamp variable, if it is within 10 minutes reset it to the new time stamp plu 10 mins if it is past 10 mins then kill the session variables and redirect to login page.

Can you expand on this at all, maybe with a quick example?

phant0m · November 28, 2009

that's probably what dragon_sa meant:

<?php
session_start();
if(isset($_SESSION['timestamp']) && (time() - $_SESSION['timestamp'] > 60 * 10)){ // 10 minutes
    session_destroy();
    session_start();
    session_regenerate_id();
}
$_SESSION['timestamp'] = time(); 

?>

note: I did not check whether the code actually works, but it should

dragon_sa · November 28, 2009

if(time() - $_SESSION['timestamp'] > 60 * 10)

any particular reason you didnt just put 600 instead of 60 * 10?

phant0m · November 28, 2009

just for readability^^

Fuzzy Logic · November 28, 2009

Would it also make it easier to alter the amount minutes, through changing the '10' to what ever amount of minutes you want?

Daniel0 · November 28, 2009

Uh... what's the problem with

session_set_cookie_params(600);

?

Cookies already have expiration, so just use that.

phant0m · November 28, 2009

@Fuzzy Logic: Yes, that's exactly why I did it that way.

@Daniel0: The only "issue" is, that the cookie will expire, but not the session itself. So the session is still available, if you know the SID. But your method should work flawlessly in most cases of course, also it's much more simple.

Fuzzy Logic · November 28, 2009

Uh... what's the problem with
session_set_cookie_params(600);
?

Cookies already have expiration, so just use that.

Would that work even with cookies turned off?

Daniel0 · November 28, 2009

Would that work even with cookies turned off?

No, but then again, neither will sessions unless you use that ugly PHPSESSID thing.

Fuzzy Logic · November 28, 2009

Would that work even with cookies turned off?

No, but then again, neither will sessions unless you use that ugly PHPSESSID thing.

Ugly PHPSESSID? Please excuse my ignorence =(

Daniel0 · November 28, 2009

Ugly PHPSESSID? Please excuse my ignorence =(

The session must have a name, by default it's PHPSESSID. You can pass the session ID to PHP in two ways:

1) Using a cookie with that name.

2) Using a parameter in the URL with that name, e.g. index.php?PHPSESSID=987sd9fshfblablabla

You can turn off #2, which I would recommend.

Fuzzy Logic · November 28, 2009

Ugly PHPSESSID? Please excuse my ignorence =(

The session must have a name, by default it's PHPSESSID. You can pass the session ID to PHP in two ways:

1) Using a cookie with that name.

2) Using a parameter in the URL with that name, e.g. index.php?PHPSESSID=987sd9fshfblablabla

You can turn off #2, which I would recommend.

Ah, okay thanks =)

I got it to work thanks you, using that script posted Thank you =)

dragon_sa · November 28, 2009

shared hosting may be another reason where you have no control of the cookie expiration times, which I have experienced a couple of times

Sign In

Session Time out

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information