Dillon Posted January 4, 2010 Share Posted January 4, 2010 Hello, I have a website which contains a login section. When the user logs into the website, it creates a session, and inserts into the database "true" at their name to show that they are logged in. Is there a way to make the session expire after 2 hours after the user logs in? And also make the database field "False", so they are not logged in anymore? I am having an issue when the users dont click the "logout button" and just close their web browser... They stay logged in by the database record, and the session dosent expire... Does anyone have suggestions how to fix this? Thanks! -Flightfanatic Quote Link to comment Share on other sites More sharing options...
premiso Posted January 4, 2010 Share Posted January 4, 2010 Using session_set_cookie_params should allow you to make the session last longer. You should also be able to change this in the php.ini if you are able to so you do not have to have that code in there before the session_start each time. Quote Link to comment Share on other sites More sharing options...
Dillon Posted January 4, 2010 Author Share Posted January 4, 2010 Ok, thanks for the quick reply! Where in the php.ini file would I have to change in order for it to work? Thanks! -Flightfanatic Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 4, 2010 Share Posted January 4, 2010 To update the value in your database to automatically log someone out, you need to execute a query that tests the 'last active time' each logged in member and changes the 'logged in' status to FALSE in the table for any rows that have a 'last active time' farther in the past then a limit you pick. You can either execute this query using a cron job/scheduled task or if neither of those methods are available and you already have 'who's online' code that gets executed on each page visit, you can modify that code to update the 'logged in' status as one of the things it does. It should not matter if the session exists or not because you should be checking the 'logged in' status in the database table (assuming you have or want the ability for an administrator to have overriding control in case a member is spamming your web site...) A session, if it exists, should just identify the visitor, not determine if he is logged in or not. Quote Link to comment Share on other sites More sharing options...
Dillon Posted January 4, 2010 Author Share Posted January 4, 2010 Oh ok, I have it update the database when the user clicks the logout button, but if they just close their browser window, they stay logged in. I tried updating the php.ini file where "session.gc_maxlifetime = 1440", I tried changing that to 60 but it didnt do anything... I might just leave my login part the way it is. I am getting way over my head with this stuff. -Flightfanatic Quote Link to comment Share on other sites More sharing options...
ignace Posted January 4, 2010 Share Posted January 4, 2010 Alternatively you can store your session's in the database along with the username. If a record exists the user is indicated to be online. Store his last_click_at and last_click_url and you can even indicate at what he is currently looking if a user is idle for to long (last_click_at + max_idle_time < now()) remove his record. Alternate options by using a database: - remote logoff - check double logon You can store session's in your database by using session_set_save_handler Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.