clown[NOR] Posted May 15, 2007 Share Posted May 15, 2007 i'm working on a login system.. and I was wondering... how's the best way to make sure the user get's automaticly logged out after, let's say 5 minutest idle? i have a function called authUser() where I check cookies against the database... should I insert a code in there that sais somthing like this? <?php if ($dbField['logintime'] > strtotime(5 minutes ago)) { // Delete all cookies and clear all login info in database } else { // Update the timestamp in the database. } ?> i'm not sure about the strtotime().. haven't used it to much, but from what I've read on this forum it should work... and what type of timestamp should I use in the database? ... DATETIME or TIME? Thanks In Advance - Clown Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 15, 2007 Share Posted May 15, 2007 I was wondering the same thing myself. I'm guessing for your situation, put that in a seperate file (let's say "session_check.php") and include/require it through all the secure pages. Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 15, 2007 Author Share Posted May 15, 2007 well.. I have the authUser() function in a file called func_login.php and I run the authUser() function on top of every single file that is used in the admin area of the site... just in case someone tries to run the file directly, which means they're maybe trying to hack it.... Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 15, 2007 Share Posted May 15, 2007 If that's the case, then yes, it'll be wise to put that inside of that function. Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 15, 2007 Author Share Posted May 15, 2007 ok... i'll try... but what type of timestamp should I use? DATETIME or just TIME? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 15, 2007 Share Posted May 15, 2007 Um, I think time would be fine... Quote Link to comment Share on other sites More sharing options...
marf Posted May 15, 2007 Share Posted May 15, 2007 you could yes, have them be 'logged out' after 5 minutes, however they wouldn't actually KNOW they were logged out until they tried to visit another page or refresh. This is where AJAX script can come in. You can set a timer to check every so often, and then log them out after an amount of time they stay idle on one page. Prototype has a timer ability that can do this. Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 15, 2007 Author Share Posted May 15, 2007 hmm... sounds interesting... but I'm still learning php and mysql... so another language on top of this would confuse me but thanks for the info... I'll check it out when I feel safer on php and mysql i do have another question tho... I change the logintime field to TIMESTAMP... and I use date("YmdHis") to update it... but it still appears as Y-m-s H:i:s in the database... why is that? is it supposed to do that or have I messed something up? Quote Link to comment Share on other sites More sharing options...
trq Posted May 15, 2007 Share Posted May 15, 2007 Sessions already have this feature built in. Take a look at the session.cache-expire ini directive if you need to change the time. Note, this can also be changed using ini_set. Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 15, 2007 Author Share Posted May 15, 2007 thanks... yeah i'll look it up now Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 15, 2007 Author Share Posted May 15, 2007 ok.. from what I understand... I can add something like this in my authorization code? if (isset($_SESSION['idle']) { $_SESSION['idle'] = "blabla"; session_catche_expire(5); } else { header("Location: login.php"); } am i right? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.