drayarms Posted May 24, 2011 Share Posted May 24, 2011 I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website, that requires user authentication. <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { // last request was more than 30 minates ago session_destroy(); // destroy session data in storage session_unset(); // unset $_SESSION variable for the runtime header("location: session_expired.php"); } $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp ?> The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php) <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //Set the page title before the header file $title = 'Session Expired'; require ('header.php'); //need the header ?> <div id="content" class=""> <div id="left_content" class=""> </div> <!--closes left content--> <div id="right_content" class=""> <div id= "right_content_inner_border"> <h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5> <h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3> </div> <!--closes right content inner border--> </div> <!--closes right content--> </div> <!--closes content--> <?php require ('footer.php'); //need the footer ?> Now here lies the problem. When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php). However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php). What could be going wrong here? Any hint is appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/237292-session-time-out-code-behaving-badly/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.