Help with Sessions

[lalnfl]

How do you set a time limit on a session?

 

[WatsonN]

Are you looking for an inactivity timer?

session_start();

// 10 mins in seconds
$inactive = 600; 

$session_life = time() - $_session['timeout'];

if($session_life > $inactive)
{  session_destroy(); header("Location: logoutpage.php");     }

S_session['timeout']=time();

 

[lalnfl]

Yes I am so that I can log the user out.

[lalnfl]

Could you explain the code for me?

[WatsonN]

Sure

 

This starts the session:

session_start();

 

This is just telling the script how long to let them be inactive(Must be in seconds):

$inactive = 600;

 

Setting the session_life variable:

$session_life = 

 

Current Unix time:

time()

 

Subtracting the current inactive time(not completely sure):

 - $_session['timeout']

 

Saying if the session life time is greater than the $inactive time:

if($session_life > $inactive)

Do This:

 

Destroy the session:

{  session_destroy()

 

Redirect to the logout page:

header("Location: logoutpage.php");     }

If not greater than $inactive:

 

Setting session timeout to the current Unix time:

S_session['timeout']=time();

 

-edit- fixed minor mistype -edit-

[lalnfl]

Where does the $_Session['timeout'] come from?

[WatsonN]

Variables that start with an underscore _  are server variables that the server sets.

[PFMaBiSmAd]

Correct capitalization matters in programming, variable names are case-sensitive and session variables are $_SESSION

[WatsonN]

Updated code:

<?php
session_start();

// 10 mins in seconds
$inactive = 600; 

$session_life = time() - $_SESSION['timeout'];

if($session_life > $inactive)
{  session_destroy(); header("Location: logoutpage.php");     }

$_SESSION['timeout']=time();
?>

 

[lalnfl]

Okay it works and thanks for the help but I have one question.

 

What does the $_SESSION['timeout']=time(); do? When its time() - $_SESSION['timeout'] isn't the time the same when you load the page? Or how does that work?

[WatsonN]

$_SESSION['timeout'] is a var that will be stored throughout your session on the site.

 

$_SESSION['timeout']=time() sets this to the current time.

 

time() - $_SESSION['timeout']  is subtracting timeout from current time.

 

 

[lalnfl]

I put it on all of my pages, but it doesn't work correctly. Is it not suppose to go on all pages?

[WatsonN]

Oops, try this one. I keep it in a file called timer.php and just include to keep it simple, just an Idea

<?php
$error = 'Your session timed out.'; 
session_start();
if($_SESSION['session_count'] == 0) { 
$_SESSION['session_count'] = 1;
$_SESSION['session_start_time']=time();
} else {
$_SESSION['session_count'] = $_SESSION['session_count'] + 1;
}

$session_timeout = 1800;

$session_duration = time() - $_SESSION['session_start_time'];
if ($session_duration > $session_timeout) { 
session_unset();
session_destroy();
session_start();
session_regenerate_id(true);
setcookie("Key_WatsonN", 0, time()-3600);
setcookie("Errors", 0, time()-3600); 
setcookie("UID", 0, time()-3600);
setcookie("PWD", 0, time()-3600);
setcookie(Errors, $error, time()+120000);
$_SESSION["expired"] = "yes";
header("Location: /"); // Redirect to Login Page
} else {
$_SESSION['session_start_time']=time();
}
?>

 

 

[lalnfl]

Nice. Thank you very much for the help.

[WatsonN]

Sure thing Sorry if i confused you 

 

All you need to do is add your cookies that you need removed and change the timeout if you want too

[lalnfl]

Okay I do have 1 more question, if I have a script that goes along with this one that logs the person in and out, but how about if the user closes the browser without either logging out or going over the inactivity time? How would you make it so it would show the person logged out?

[WatsonN]

What you could do is when you set the cookie set it to expire when the session is closed

[lalnfl]

So I would set the cookie to 0 then?

[WatsonN]

Yes or just omit that all together

[lalnfl]

Okay I am confused. Could you show an example of code that would do the log out thing?

[WatsonN]

to make each one expire at the end of the session

setcookie(name, value, 0)

or

setcookie(name, value)

 

[lalnfl]

When you log in would you set the cookie the same way?

[WatsonN]

Sure would

[lalnfl]

It still shows that there is 1 person online. When I close the broswer and come back on the script where it changes the user to logged out, still has logged in. So I am stuck on how to figure this problem out?

[WatsonN]

Can you post the script?