Jump to content

COuld you help? login script keeps getting auto logout if inactive for 5mins or so


lovephp
Go to solution Solved by lovephp,

Recommended Posts

friends why does my script logs a user out if he/she is inactive for 5mins or 10 etc it gets logout. once i tried changing max_execution_time from 30 to 21600 but still do not help. could someone help fix this?

 

my login form

 

<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>Login</b></td>
      <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>

 

my login-exec.php script

 

<?php
    //Start session
    session_start();
    
    //Include database connection details
    require_once('config.php');
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    
    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);
    
    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }
    
    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
    $result=mysql_query($qry);
    
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_LOGIN_NAME'] = $member['login'];
            $_SESSION['SESS_PASS'] = $member['passwd'];
            $_SESSION['SESS_SUPERVISOR'] = $member['supervisor'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

 

and my auth.php on top of every protected pages

 

 
<?php
    //Start session
    session_start();
    
    //Check whether the session variable SESS_MEMBER_ID is present or not
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: access-denied.php");
        exit();
    }
?>

 

would really appreciate if someone could help me fix this :-*

regards

Link to comment
Share on other sites

if the time is actually after 24 minutes of inactivity, it's due to the session data files being deleted due to the default value for session.gc_maxlifetime of 1440 seconds. in general, if you need to have sessions persist for longer periods of inactivity, you need to set session.gc_maxlifetime to a longer/reasonable value.

 

if the time seems to vary, its likely a script running on the server is setting session.gc_maxlifetime to a fairly short value (usually done to automatically 'log' people out), which is causing the session data files to be deleted. you would need to find the script doing this and change it to not use session.gc_maxlifetime for this purpose. to automatically log people out, you need to store the last access time and check on each (the next) page request how much time has gone by since the last request to automatically log someone out.

Link to comment
Share on other sites

wel this is the only script running. So if in php.ini i increase the 1440 to longer would it stop the problem? I tried the max_execution_time but its kinda not helping. Or anything i could do with my script? Am not too fimiliar with login system so am clueless about it.

Link to comment
Share on other sites

is the php.ini that you changed the one that php is using (a phpinfo() would conform that the session.gc_maxlifetime setting got changed) and if you changed the master php.ini, did you restart the web server to get the change to take effect and if you changed a local php.ini, do you have multiple folders and must have the local php.ini settings in each folder?

 

you could also have a logic error or are redirecting between url's that have and don't have the www. on them (by default the session id cookie will only match host-name/sub-domain where it was set at.)

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.