
Adding a Login Session Timeout


spacepoet


Hi:

How do I set a password-protected page to time out after 20 minutes or so?

I thought it was doing it on the below page, but it is not working.

A tutorial I found online.

Login.php

<form name="form1" method="post" action="myLogin.php">

<input name="myUserName" type="text" size="40" id="myUserName">
<br /><br />
<input name="myPassword" type="password" size="40" id="myPassword">

<input type="submit" name="Submit" value="Login">

</form>

 

myLogin.php

<?php

ob_start();

// Connect to server and select database.
//mysql_connect("$host", "$username", "$password")or die("cannot connect");
//mysql_select_db("$db_name")or die("cannot select DB");

// Define $myUserName and $myPassword
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];



// To protect against MySQL injection
$myUserName = stripslashes($myUserName);
$myPassword = stripslashes($myPassword);

$myUserName = mysql_real_escape_string($myUserName);
$myPassword = mysql_real_escape_string($myPassword);


$sql="SELECT * FROM myAdmins WHERE myUserName='$myUserName' and myPassword='$myPassword'";
$result=mysql_query($sql);

// mysql_num_rows() counts the rows in the result
$count=mysql_num_rows($result);
// If result matched $myUserName and $myPassword, table row must be 1 row

if($count==1){
// Register $myUserName, $myPassword and redirect to file "a_Home.php"
session_register("myUserName");
session_register("myPassword");

header("location:a_Home.php");
}
else {

echo "


<html>

...

</html>
";
}

ob_end_flush();
?>

 

myCheckLogin.php (added to each page to see if the person logged-in via Login.php):

<?php
session_start();
// Redirect to the login form unless the user name was registered in the session
if(!session_is_registered('myUserName')){
header("location:Login.php");
exit;
}
?>

 

Any help would be great.

Thanks.

Link to comment
Share on other sites

When a logged in user performs some action (like accessing one of the admin page or something), store the current time in a session variable or somewhere (e.g. last_access_time). Then when the logged in user performs another action, check if it has been 20 minutes since the last recorded time stamp. If it has been more than 20 mins, logout the user. Or if it is not 20 mins yet, allow the action and update last_access_time with the current time.

By the way, your above code will not check for time out and also, the function session_is_registered is deprecated as of PHP 5.3.0. So use the $_SESSION superglobal instead.

Link to comment
Share on other sites
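
The approach described in the reply above, sketched as an added example that is not part of the original thread. It assumes the login script stores `myUserName` and `last_access_time` in `$_SESSION`; `IDLE_LIMIT` and `session_is_fresh()` are names made up here.

```php
<?php
// myCheckLogin.php (added example): include at the top of every protected page.
// Assumes myLogin.php, after a successful login, calls session_start() and
// session_regenerate_id(true), then sets $_SESSION['myUserName'] and
// $_SESSION['last_access_time'] = time(). IDLE_LIMIT and session_is_fresh()
// are names made up for this example.

const IDLE_LIMIT = 20 * 60; // 20 minutes, in seconds

// True if the session is logged in and was used within $limit seconds of $now.
// On success the timestamp is refreshed, so the timeout measures idle time.
function session_is_fresh(array &$session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (empty($session['myUserName']) || !isset($session['last_access_time'])) {
        return false; // not logged in
    }
    if ($now - (int) $session['last_access_time'] > $limit) {
        return false; // idle for longer than the limit
    }
    $session['last_access_time'] = $now;
    return true;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!session_is_fresh($_SESSION, time())) {
        // Expired or never logged in: discard the server-side session data,
        // expire the session cookie, and send the browser to the login form.
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        header('Location: Login.php');
        exit;
    }
} else {
    // Command-line demo on a constructed session array (no web server needed).
    $s = ['myUserName' => 'admin', 'last_access_time' => 1000];
    var_dump(session_is_fresh($s, 1000 + 19 * 60)); // request 19 minutes later
    var_dump(session_is_fresh($s, 2140 + 21 * 60)); // next request 21 minutes after that
}
```

Because the check runs on the server, it is enforced even when the browser has JavaScript disabled or alters its cookies.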

Hi.

Thanks for the tip.

I found that online so just going with what was in the tutorial.

Is there a more "robust" example you can point me to?

I want to keep it as simple as possible but want to make it solid as well.

New to me so not always sure what to look for ...

Link to comment
Share on other sites

I myself do the same as saurabhx; this is a foolproof method and stops people fiddling with the account.

You could also use a JavaScript timeout to log them out if the page has been stationary for 20 minutes. Although this can be stopped if the user has JavaScript turned off, it's useful for people who don't have it turned off :)

Regards, PaulRyan.

Link to comment
Share on other sites

Hi:

Thanks for all the tips.

For doing a "setcookie("TestCookie", $value, time()+1200);"

Is that something I add to the myCheckLogin.php page? Just like that?

Not too much experience with cookies but want to learn more.

Thanks!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
