[SOLVED] how to timeout $_SESSION after 5 minutes of idle time

[clown[NOR]]

well... here i go again... When I log in on my website I want to be automaticly logged out if i'm idle more than 5 minutes... I have everything working on my login... so all i need to do is to fix that idle part... anyone have a good idea on how to do that??

[MadTechie]

use a database to store the login session info including a timestamp, update the session info on requests if the time is greater than the timestamp+5 minutes then count as a logout

[clown[NOR]]

the issue here is that i'm not using a DB i'm using a flat file.. but when i think about it... this is only my personal website, and i'm the only one logging in... so if i just make a file and add the time into that... it should count as a logout...or am i wrong?

[clown[NOR]]

can i make a session named timestamp ?

and on top of the index i check the timestamp?

 

and what should i use? microtime()?

[clown[NOR]]

anyone?

[redking]

session_cache_expire(5);

 

put this before session_start();

 

 

[clown[NOR]]

something like this then?

session_catche_limiter('login');
session_catche_limiter('user');
session_catche_expire(5);
session_start();

[clown[NOR]]

well... that didn't work... i added the limiters to the top of index.php and just messed around on the site for a couple of seconds... then i left it alone for about 10 minutes... but i was still logged in.. this is what I'm using

 

	
if (isset($_SESSION['login'])) {
	session_cache_limiter('login');
	session_cache_limiter('user');
	session_cache_expire(5);
}

[MadTechie]

a simple solution would be to hold a session thats stores the time it was set then when that time + 5 minutes expires destory all sessions

[clown[NOR]]

can i use something like this?

 

<?php
if (isset($_SESSION['timestamp'])) {
$ct = date("g:i");
if ($ct < $_SESSION['timestamp']) {
	list($hr,$min)=split(":", $ct);
	$min = $min+5;
	$ts = $hr . ":" . $min;
	$_SESSION['timestamp'] = $ts;
} else {
	unset($_SESSION['timestamp']);
	unset($_SESSION['login']);
	unset($_SESSION['user']);
}
}
elseif (!isset($_SESSION['timestamp'])) {
	$ct = date("g:i");
	list($hr,$min)=split(":", $ct);
	$min = $min+5;
	$ts = $hr . ":" . $min;
	$_SESSION['timestamp'] = $ts;
}
?>

[MadTechie]

as a side note:

In the php.ini, you can configure the session.gc_maxlifetime setting. This setting controls how long a session may live before the garbage collector kills it because it has expired. Then, in your own script, if you feel the php.ini setting is too short, you can specify your own gc_maxlifetime by using ini_set().

 

so to sum up.. to make sessions short isn't a problem

 

have you tried adding this

 

<?php
ini_set("session.gc_maxlifetime","300") //5*60 = 300 secs

?>

[clown[NOR]]

yeah... but the issue is that I use sessions to remember peoples name and url in the shoutbox... so if i kill them every 5 minutes that means that the name and urls in the shoutbox disapears to.. hehe

[MadTechie]

Oh.. 

 

i'm sure something like

 

<?php
session_start();
$the_time = time() + (5*60)
if($_SESSION['timestamp'] <  $the_time)
{
$_SESSION['timestamp'] = time();
}else{
session_destroy();
}

?>

 

would work

[clown[NOR]]

yeah probably... but the one i wrote (even tho it's much more complicated than what you made) worked=) hehe... but thanks anyway

 

another simple question... do i have my own php.ini file for my domain? cuz I would like to set the time up to a really long time... since now when I had been idle for a while all my sessions was gone ... hehe =) that means, my name and url in the shoutbox was gone to =)

 

what's the highest number I can set that ini_set("session.gc_maxlifetime","300") to?

[MadTechie]

php.ini files are for the whole server not just for a single domain(as far as i know)

 

session.gc_maxlifetime can be set as high as you like but will have NO AFFECT if its higher than the one set in the php.ini file

 

basically the system will run a trash collection (set by the  php.ini file) you can use session.gc_maxlifetime to tell the system to cleanup sooner but thats for your sessions the one set in the php.ini is global (all domain)

 

i maybe wrong but thats what believe

[clown[NOR]]

oh ok... well that sucked...hehe =) oh well... looks like i need to go back to the cookies...hehe... hopefully they like me more now than they did earlier =) i'm conviced that the setcookie() function hates me

[MadTechie]

Does your routine work on time rollovers ?

 

ie @ 12:58.20

 

[clown[NOR]]

i dont understand what you mean...sorry...