Session experation

The Little Guy · June 27, 2007

Why are my sessions not expiring?

I have tryed 2 things

1:

session_cache_limiter();
session_cache_expire(1);
session_start();

2:

ini_set("session.gc_maxlifetime", "60");
session_start();

Could the problem be that is that I am placeing it in a global file, which is included on every page?

The Little Guy · June 27, 2007

Anyone, any help?

trecool999 · June 27, 2007

Is session_start()on every page? It might explain a bit of it.

The Little Guy · June 27, 2007

yes it is

JasonLewis · June 28, 2007

what do you mean by "not expiring". are they always running? even when you close the browser and wait then go back on....

The Little Guy · June 28, 2007

what do you mean by "not expiring". are they always running? even when you close the browser and wait then go back on....

No, they expire when the browser closes.

I want them to expire 15 minutes after inactivity, so if the user refreshes the page after 15 minutes of doing nothing, It should ask him/her to log back in.

redarrow · June 28, 2007

when a user logs in do you add the date to the database if so

tell me what format it is ok.

JasonLewis · June 28, 2007

what redarrow is getting at is you can make a timeout scipt yourself. then you could just check the last page refresh against the current time, if its been more then a certain amount destroy the sessions.

Illusion · June 28, 2007

try this

session_cache_expire(15); // for 15 mint

JasonLewis · June 28, 2007

he said he tried that for 1 and it didnt work, why the difference for 15?

Illusion · June 28, 2007

he said he tried that for 1 and it didnt work, why the difference for 15?

that time he is used ini_set()..........now I said use built in php function session_cache_expire(),I used 15 just for an example.

The Little Guy · June 28, 2007

so.... What I could do is make a function, that has a page view time, and then when the user views the page again, match against the current time, then...

either destroy the sessions, if the time is over 15 minutes, or

refresh the session, to the current time, if it is under 15 minutes.

(I feel that would be better than using a database.)

The Little Guy · June 28, 2007

OK... Here is what I came up with. Works great, and if you want to use it, be my guest:

<?php
# Log a user Out
function logOut(){
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
	setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
}

# Session Logout after in activity
function sessionX(){
$logLength = 900;  // Max login, in seconds
$ctime = strtotime("now");
if(!isset($_SESSION['sessionX'])){
	$_SESSION['sessionX'] = $ctime;
}else{
	if((strtotime("now") - $_SESSION['sessionX']) > $logLength){
		logOut();
		header("Location: logout_page.php");  //location of your log out success page.
		exit;
	}else{
		$_SESSION['sessionX'] = $ctime;
	}
}
}
# Run Session logout check
sessionX();
?>

Sign In

Session experation

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information