Jump to content

Archived

This topic is now archived and is closed to further replies.

drayarms

Session Time Out code behaving Badly?

Recommended Posts

I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired.  I include this code at the top of every page in the website, that requires user authentication.


<?php


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);


if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


?>

 

The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php)



<?php

//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);




//Set the page title before the header file
$title = 'Session Expired';

require ('header.php'); //need the header

?>









	      <div id="content" class="">



			<div id="left_content" class="">





			</div> <!--closes left content-->





			<div id="right_content" class="">

				<div id= "right_content_inner_border">


					<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>


					<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>


				</div> <!--closes right content inner border-->

			</div> <!--closes right content-->




		</div> <!--closes content-->
















<?php

require ('footer.php'); //need the footer




?>

 

 

 

Now here lies the problem.  When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly.  The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php).    However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php).  What could be going wrong here?  Any hint is appreciated. 

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.