PeggyBuckham Posted June 13, 2011 Share Posted June 13, 2011 I have been using a simple script for login information to be stored in the session array. The problem with the code I have been using is it only destroys the session if the user refreshes the page. I would like the page to automatically log the user out if there is no activity. Here is the code I have been using: ini_set('session.gc_maxlifetime',300); ini_set('session.gc_probability',1); ini_set('session.gc_divisor',1); session_start(); if($_SESSION['admin_login'] != $password){ header('Location: index.php'); exit(); } Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 14, 2011 Share Posted June 14, 2011 You're just on entirely the wrong path. Automatic logout needs to be accomplished with javascript, not by trying to game the session garbage collection. Quote Link to comment Share on other sites More sharing options...
PeggyBuckham Posted June 14, 2011 Author Share Posted June 14, 2011 I have been working on using the setTimeout() function in javascript. The best I can think is I need to get the javascript to execute the php script. Right? Thank you for answering me I had almost given up thinking that someone would answer me? It has taken me way to long to try to figure out something that I thought should be easy. Quote Link to comment Share on other sites More sharing options...
redixx Posted June 14, 2011 Share Posted June 14, 2011 Using jQuery: setTimeout(function(){ $.post("destroy_session.php"); }, 300000); Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 14, 2011 Share Posted June 14, 2011 I have been working on using the setTimeout() function in javascript. The best I can think is I need to get the javascript to execute the php script. Right? Thank you for answering me I had almost given up thinking that someone would answer me? It has taken me way to long to try to figure out something that I thought should be easy. Yes, you should have your standard logout url take care of "logging out" and destroying the session. Something along the lines of: session_start(); session_unset(); session_destroy(); Your on the right track with the javascript timeout. Basically you want the timeout function to redirect to your logout url. You also need to capture events and reset the timer anytime there is a mousemove, keypress or keydown event. Using a javascript library like jquery or prototype will make things much easier if you are challenged as to how to accomplish the javascript. Quote Link to comment Share on other sites More sharing options...
fugix Posted June 14, 2011 Share Posted June 14, 2011 word of caution, if you are going to use javascript/jquery to execute this function, you will need a noscript alternative in case a user has disabled javascript on their browser Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 14, 2011 Share Posted June 14, 2011 word of caution, if you are going to use javascript/jquery to execute this function, you will need a noscript alternative in case a user has disabled javascript on their browser You can use a meta refresh with a somewhat longer timeout, or just don't allow them on the site with javascript turned off. Quote Link to comment Share on other sites More sharing options...
redixx Posted June 14, 2011 Share Posted June 14, 2011 word of caution, if you are going to use javascript/jquery to execute this function, you will need a noscript alternative in case a user has disabled javascript on their browser Well, there isn't really a noscript alternative except to just tell PHP to kill the session with gc_maxlifetime. But then that requires a page refresh. You can use a meta refresh with a somewhat longer timeout The only problem with that is you lose event tracking, so their session may get terminated even if they are still active. EDIT: Epiphany: You'd lose event tracking either way, I suppose. Quote Link to comment Share on other sites More sharing options...
fugix Posted June 14, 2011 Share Posted June 14, 2011 word of caution, if you are going to use javascript/jquery to execute this function, you will need a noscript alternative in case a user has disabled javascript on their browser You can use a meta refresh with a somewhat longer timeout, or just don't allow them on the site with javascript turned off. true, there are a few simple solutions to the issue, however I wanted to make the issue was aware to the OP as to not be overlooked, since it can cause very unwanted results Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 14, 2011 Share Posted June 14, 2011 Yes, that is the tradeoff, but the theory there would be that an active session is going to move off a page in a reasonable amount of time. If your javascript inactivity timeout is 3 minutes, you might allow a meta refresh of 10. Quote Link to comment Share on other sites More sharing options...
PeggyBuckham Posted June 14, 2011 Author Share Posted June 14, 2011 Thank you all for your imput. I am working this all out...I think...I have some bugs to work out but I think I have it. Thank You again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.