
cookie and session


clausowitz


Hi All,

 

I have a secure website which always checks that the cookie is not expired and the session id is set.

When someone doesn't browse for the period of the cookie it will expire; however, the session id stays valid until he logs out. A lot of people don't log out, so the pages will still be accessible for them or others who use their PC.

 

Is there a way to destroy the session id when the cookie expires?

 

Marco


This is what happens if someone logs out like he should:

 

$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie
if (isset($_COOKIE['idCookie'])) {
    setcookie("idCookie", '', time()-42000, '/');
    setcookie("passCookie", '', time()-42000, '/');
}

// Destroy the session variables
session_unset();
session_destroy();

 

How could I use the cookie functions to unset the session?


You don't use the cookie functions to unset the session, you use the cookie function to set a timeout on the session cookie when the users first visit the site.  Wherever you call session_start, set a timeout on the session cookie so if the user leaves their browser idle for more than X minutes, the cookie disappears.

 

-Dan


Like this?

// Create session var for their raw id
$id = $row["id"];
$_SESSION['id'] = $id;
// Create the idx session var
$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
setcookie("idx", $id, time()+$lifetime);
// Create session var for their username
$username = $row["username"];
$_SESSION['username'] = $username;
// Create session var for their email
$useremail = $row["email"];
$_SESSION['useremail'] = $useremail;
// Create session var for their password
$userpass = $row["password"];
$_SESSION['userpass'] = $userpass;
// GET USER IP ADDRESS


The session cookie will be reset for X seconds with every page click, where X is the argument you provide to that function.

 

If someone clicks before X seconds have elapsed, then the timer is reset.

 

If nothing happens (not even ajax calls) for X seconds, the cookie SHOULD disappear from your browser and the session will expire.

 

If you have anything else that restores the session (like your userID cookies) that invalidates this whole discussion.


Archived

This topic is now archived and is closed to further replies.
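
An added example, not code from any poster in this thread: the idle timeout discussed above, enforced on the server as well as through the session cookie lifetime, because cookie expiry is applied by the browser and the stored session data otherwise remains until garbage collection. It assumes PHP 7.3 or later and an HTTPS site; `IDLE_LIMIT`, `last_activity` and the function names are hypothetical.

```php
<?php
// Added example. IDLE_LIMIT, 'last_activity' and the function names are assumptions.
const IDLE_LIMIT = 900; // X seconds of allowed inactivity (constructed value)

// Pure check, kept separate so the rule can be exercised without a live session.
function session_is_idle(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['last_activity'])) {
        // Brand-new (empty) session: not idle. Data without a timestamp: treat as expired.
        return !empty($session);
    }
    return ($now - (int) $session['last_activity']) > $limit;
}

function start_session_with_idle_timeout(): void
{
    $cookie = ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];

    // Server-side data becomes eligible for garbage collection after the same period.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_set_cookie_params(['lifetime' => IDLE_LIMIT] + $cookie);
    session_start();

    $now = time();
    if (session_is_idle($_SESSION, $now)) {
        // The browser may still present an old id (shared PC, copied cookie):
        // drop the data and the old server-side record, then continue logged out.
        session_unset();
        session_regenerate_id(true);
    }
    $_SESSION['last_activity'] = $now;

    // PHP only emits the session cookie when the session is created or regenerated,
    // so re-send it on every request to slide the expiry forward.
    setcookie(session_name(), session_id(), ['expires' => $now + IDLE_LIMIT] + $cookie);

    // Nothing here refills $_SESSION from idCookie/passCookie or similar cookies;
    // any code that restores a login from them would undo the timeout.
}

// Call at the top of every protected page, before any output is sent.
if (PHP_SAPI !== 'cli') {
    start_session_with_idle_timeout();
}
```

After the call, a page should treat the visitor as logged in only if `$_SESSION['id']` is still set.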
