Jump to content

Archived

This topic is now archived and is closed to further replies.

newb

is this true about sessions?

Recommended Posts

is it true that sessions only last and dont expire until the user closes their browser or logs out?

Share this post


Link to post
Share on other sites
Yes, they expire after either closing the browser or if you use session_destroy().

Share this post


Link to post
Share on other sites
what about $_SESSION = array(); ? doesnt that create the same effect?

Share this post


Link to post
Share on other sites
$_SESSION is already an array! So theres no point in redeclaring it as an array. What ever you do with sessions they will always expire when the user closes their browser, or if the user logs out.

Share this post


Link to post
Share on other sites
ok and how do you make sessions logout automatically after a certain period of time.

Share this post


Link to post
Share on other sites
Also you need to use unset() and session_destroy();

not like advised just session_destroy as above last two posts said.

a session and cookie work together so when the user has cookies off the session it self takes over,

when a user leves the website the session will destroy and afther a while unset() it self in millisecons.

what are you trying to do please.

are users logedin?

[b]EDITED BY WILDTEEN88: DO NOT DOUBLE POST USE THE MODIFY BUTTON ([IMG]http://www.phpfreaks.com/forums/Themes/default/images/icons/modify_inline.gif[/img])[/B]

Share this post


Link to post
Share on other sites
is it ok to use session_regenerate_id(); when logging out?

Share this post


Link to post
Share on other sites
If you want to make the session expire, let's say, if someone is idling for a hour do this-
On every page add:
[code]<?php
session_start();
if($_SESSION['birth']+(60*60)<time()){
session_destroy();
die("Please log in again");
}else{
$_SESSION['birth']=time();
}
?>[/code]

If someone refreshes the window after more than one hour of idling he's out.

Orio.

Share this post


Link to post
Share on other sites
[quote author=Orio link=topic=105855.msg422975#msg422975 date=1156714749]
If you want to make the session expire, let's say, if someone is idling for a hour do this-
On every page add:
[code]<?php
session_start();
if($_SESSION['birth']+(60*60)<time()){
session_destroy();
die("Please log in again");
}else{
$_SESSION['birth']=time();
}
?>[/code]

If someone refreshes the window after more than one hour of idling he's out.

Orio.
[/quote]

thanks will try that :D

Share this post


Link to post
Share on other sites
But what about if a user is using the website for 2 hours they can not as there out.

Share this post


Link to post
Share on other sites
[code=php:0]
<?php
session_start();
if ( $_SESSION['birth']+(60*60)<time() ) {
$query = mysql_query("UPDATE `$table_users` SET last_action = $now AND logged_in = 0 WHERE alias='$ses_user'");
session_destroy();
die("Please log in again");
} else {
$_SESSION['birth']=time();
}
?>
[/code]

can that work?

Share this post


Link to post
Share on other sites
[code]
<?php
session_start();
if ( $_SESSION['ses_user']+(60*60)<time() ) {
$query = mysql_query("UPDATE `$table_users` SET last_action = $now AND logged_in = 0 WHERE alias='$ses_user'");
session_destroy();
die("Please log in again");
} else {
$_SESSION['ses_user']=time();
}
?>
[/code]

Share this post


Link to post
Share on other sites
i dont think it works. here's my code:
[code]
<?php
session_start();
// Session Definitions
$ses_user = $_SESSION['username'];
$session_id = session_id(); 
$now = time();

if ( $_SESSION['username']+(60*60)<time() ) {
$query = mysql_query("UPDATE `$table_users` SET last_action = $now, logged_in = '0' WHERE alias='$ses_user'");
session_unset();
session_destroy();
$_SESSION = array();
echo "You have been logged out due to inactivity. <br /><a href='modules.php?name=cpanel'>Log back in</a> - <a href='index.php'>Go to index</a>";
} else {
$_SESSION['username']=time();
}
?>
[/code]

it just echo's this at the very top left of the page:
[quote]You have been logged out due to inactivity.
Log back in - Go to index[/quote]

any idea why?

[b]edit[/b] oh and even with the right username and password information, i cant login.

Share this post


Link to post
Share on other sites

try this ok.
[code]
<?php
session_start();
// Session Definitions
$ses_user = $_SESSION['username'];
$session_id = session_id(); 
$now = time();

if ( $ses_user +(60*60)<time() ) {
$query = mysql_query("UPDATE `$table_users` SET last_action = $now, logged_in = '0' WHERE alias='$ses_user'");
session_unset();
session_destroy();
echo "You have been logged out due to inactivity. <br /><a href='modules.php?name=cpanel'>Log back in</a> - <a href='index.php'>Go to index</a>";
} else {
$ses_user=time();
}
?>
[/code]

Share this post


Link to post
Share on other sites
cant i just set the phpsessid session cookie to expire somehow?

Share this post


Link to post
Share on other sites
is this valid?:
setcookie("PHPSESSID",$PHPSESSID,time()+3600);

Share this post


Link to post
Share on other sites
ok,
[code]<?php
    if($error == '')
    {
        $data = mysql_fetch_array($result);
  $_SESSION['username'] = $data['username'];
        $libmysql->query("UPDATE `$table_users` SET last_seen='$date', logged_in = '1' WHERE alias='$ses_user'");
          echo '<meta http-equiv="Refresh" Content="0; URL=modules.php?name=cpanel&action=profile">';
          die();
      }
      else
  {
      echo 'The following errors were returned:<br />'.$error.'<br />';
    }
}
?>
[/code]

Share this post


Link to post
Share on other sites
[code][code][code][/code]See thats where he's having the problem his $_SESSION['username'] is obviously the username and not a timestamp created from time()....

so if you switch it back to the $_SESSION['birth'] and declare it by doing
session_register('birth');
$_SESSION['birth'] = time();
you would then be able to use the original code of:
[/CODE]
<?php
session_start();
if($_SESSION['birth']+(60*60)<time()){
session_destroy();
die("Please log in again");
}else{
$_SESSION['birth']=time();
}
?>
[/CODE]

I do it like this..

[CODE]
<?php
// all of this at the beginning of code after a database connection has been made.
$sql = "SELECT * FROM users WHERE alias = '$username'";
$sql = mysql_query($sql);
$row = mysql_fetch_assoc($sql);

if ($row['last_activity'] <= time()-3600) {
$query = mysql_query("UPDATE users SET logged_in = '0' WHERE alias='$ses_user'");
session_unset();
session_destroy();
echo "You have been logged out due to inactivity. <br /><a href='modules.php?name=cpanel'>Log back in</a> - <a href='index.php'>Go to index</a>";
} else {
$query = mysql_query("UPDATE users SET last_activity = time() WHERE alias='$ses_user'");
}
?>
[/CODE]

what that code should do is first set up an array of everything in the users table for the user -- that way you can use it anywhere throughout the page.. or if your using a templating engine anywhere throughout the site...

Then it will check to see if the last_activity is equal to or less than current time minus 3600 seconds (1 hour)  If it is -- then delete the session -- if it isnt -- update the last_activity to the current time to refresh the limit..

Share this post


Link to post
Share on other sites
ok cool, how do i make the time minus 5 minutes so if their idle for 5 mins their ses gets deleted

Share this post


Link to post
Share on other sites
time() - 60 * 5

also you might have to put exit(); after the end of the echo when the session is destroyed to make it so it stops right there....

Share this post


Link to post
Share on other sites
I suppose you could use that too..  but exit(); does the same thing...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.