•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 402,620 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,263 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 2083 | Replies: 9
 |
•
•
Join Date: Jan 2008
Posts: 4
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hi All,
How can i set the session time out in PHP if the user stays inactive for a certain time in a web page.Please help me to solve this..
Thanks
How can i set the session time out in PHP if the user stays inactive for a certain time in a web page.Please help me to solve this..
Thanks
•
•
Join Date: Jan 2008
Posts: 71
Reputation:
Rep Power: 1
Solved Threads: 7
Junior Poster in Training
session_start();
// 10 mins in seconds
$inactive = 600;
$session_life = time() - $_session['timeout'];
if($session_life > $inactive)
{ session_destroy(); header("Location: logoutpage.php"); }
S_session['timeout']=time(); •
•
Join Date: May 2008
Posts: 4
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
I'd been looking for a solution to this problem as well and had no success with most of the suggestions I'd come across (namely those involving "session.gc.maxlifetime"). Maybe I was implementing them wrong or something...I don't know. But this solution from Amigura finally worked the way I wanted it to. Or it ALMOST did anyway. The following slight rewrite to Amigura's code worked perfectly:
At first the original code just kept redirecting me back to my login page because "$_SESSION['timeout']" didn't exist until after the inactivity check on the first page after login. And you obviously can't set the timeout variable just before you check for inactivity or it will never timeout. Once I added the check that makes sure the timeout variable exists before it checks for inactivity and corrected the typo where Amigura used an "S" instead of a "$," it worked like a champ. Thanks and I hope this helps others with the same problem.
session_start();
// set timeout period in seconds
$inactive = 600;
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['start'];
if($session_life > $inactive)
{ session_destroy(); header("Location: logoutpage.php"); }
}
$_SESSION['timeout'] = time();At first the original code just kept redirecting me back to my login page because "$_SESSION['timeout']" didn't exist until after the inactivity check on the first page after login. And you obviously can't set the timeout variable just before you check for inactivity or it will never timeout. Once I added the check that makes sure the timeout variable exists before it checks for inactivity and corrected the typo where Amigura used an "S" instead of a "$," it worked like a champ. Thanks and I hope this helps others with the same problem.
Last edited by rockcreektech : May 17th, 2008 at 4:45 pm.
•
•
Join Date: Jan 2008
Posts: 71
Reputation:
Rep Power: 1
Solved Threads: 7
Junior Poster in Training
yeah the isset would of helped 
nice rewrite Rockcreektech apart from $_SESSION['start'] needs to be $_SESSION['timeout'];
nice rewrite Rockcreektech apart from $_SESSION['start'] needs to be $_SESSION['timeout'];
•
•
Join Date: May 2008
Posts: 4
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Oops
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
Thanks again Amigura.
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
session_start();
// set timeout period in seconds
$inactive = 600;
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{ session_destroy(); header("Location: logoutpage.php"); }
}
$_SESSION['timeout'] = time();Thanks again Amigura.
•
•
Join Date: May 2008
Posts: 1
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hi all,
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
•
•
•
•
Originally Posted by rockcreektech 
Oops
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
session_start(); // set timeout period in seconds $inactive = 600; // check to see if $_SESSION['timeout'] is set if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { session_destroy(); header("Location: logoutpage.php"); } } $_SESSION['timeout'] = time();
Thanks again Amigura.
•
•
Join Date: May 2008
Posts: 4
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
It needs to go on every page. And keep in mind this is only the timeout script...not the script that checks to make sure you're logged in. This just makes sure that if someone walks away after they logged in that they get logged back out. The complete script that I put at the top of every page on my site is this:
Notice that it's basically the timeout script (with a little modification) followed by a script that checks to see if the session variable "$_SESSION['valid_user']" is set to "true" and sends you back to the login page if it's not. Then all you have to do is set $_SESSION['valid_user'] to "true" when the person successfully logs in they'll have access to every page that has this at the top. But if they sit idle for longer the the value of $inactive (in my case 20 minutes) the session automatically gets destroyed which unsets $_SESSION['valid_user'] thus making it so they can't get back to the protected pages without logging in again.
I'm sure that was WAY more information than you were probably hoping for
but maybe it'll help somebody. Good luck with it.
session_cache_expire( 20 );
session_start(); // NEVER FORGET TO START THE SESSION!!!
$inactive = 1200;
if(isset($_SESSION['start']) ) {
$session_life = time() - $_SESSION['start'];
if($session_life > $inactive){
header("Location: user_logout.php");
}
}
$_SESSION['start'] = time();
if($_SESSION['valid_user'] != true){
header('Location: ../index.php');
}else{Notice that it's basically the timeout script (with a little modification) followed by a script that checks to see if the session variable "$_SESSION['valid_user']" is set to "true" and sends you back to the login page if it's not. Then all you have to do is set $_SESSION['valid_user'] to "true" when the person successfully logs in they'll have access to every page that has this at the top. But if they sit idle for longer the the value of $inactive (in my case 20 minutes) the session automatically gets destroyed which unsets $_SESSION['valid_user'] thus making it so they can't get back to the protected pages without logging in again.
I'm sure that was WAY more information than you were probably hoping for
but maybe it'll help somebody. Good luck with it.•
•
•
•
Originally Posted by akumakeenta
Hi all,
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
Last edited by rockcreektech : May 30th, 2008 at 9:23 pm.
•
•
Join Date: Jul 2008
Posts: 1
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
HI,
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
•
•
Join Date: Jun 2008
Location: hyderabad,india
Posts: 95
Reputation:
Rep Power: 1
Solved Threads: 11
Junior Poster in Training
hi roberts,
in login page we first write like this right
so,every time user forget to log out the session will destroy after sometime
and the method u want to use ""What it now is stay in the secured area and then when you click on another link it goes to the login page" is really unsafe and as mentioned u can set session destroy time
in login page we first write like this right
php Syntax (Toggle Plain Text)
and the method u want to use ""What it now is stay in the secured area and then when you click on another link it goes to the login page" is really unsafe and as mentioned u can set session destroy time
Last edited by peter_budo : Jul 15th, 2008 at 5:34 am. Reason: Keep It Organized - please use [code] tags
Failure is success if we learn from it
•
•
Join Date: May 2008
Posts: 4
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Leslie,
You'll notice in the script that, if the session has reached the timeout period, a page refresh or trying to go to another secure page will destroy the session then cause the browser to redirect to a file called "logoutpage.php". This could just as easily be "loginpage.php" or anywhere else you might want it to go. Then if you want to make it so that the user cannot accidentally leave secure information visible on screen indefinitely until someone tries to refresh or access another page then all you'd have to do is put something like:
into the html part of your secure pages. This will force the browser to refresh the page 5 seconds after my 600 second (10 minute) timeout interval, thus causing the session to be destroyed and the browser to redirect to "logoutpage.php" automatically without a human needing to be present. Of course you can set the times for whatever you want, just as long as the refresh time (content="605" in this case) is longer than the timeout period. Otherwise the browser would automatically keep the session alive forever.
You'll notice in the script that, if the session has reached the timeout period, a page refresh or trying to go to another secure page will destroy the session then cause the browser to redirect to a file called "logoutpage.php". This could just as easily be "loginpage.php" or anywhere else you might want it to go. Then if you want to make it so that the user cannot accidentally leave secure information visible on screen indefinitely until someone tries to refresh or access another page then all you'd have to do is put something like:
<meta http-equiv="refresh" content="605">
into the html part of your secure pages. This will force the browser to refresh the page 5 seconds after my 600 second (10 minute) timeout interval, thus causing the session to be destroyed and the browser to redirect to "logoutpage.php" automatically without a human needing to be present. Of course you can set the times for whatever you want, just as long as the refresh time (content="605" in this case) is longer than the timeout period. Otherwise the browser would automatically keep the session alive forever.
•
•
•
•
Originally Posted by leslieroberts
HI,
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
Last edited by rockcreektech : Jul 15th, 2008 at 11:54 pm.
|
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
- Time in php? (PHP)
- Session time limit (DaniWeb Community Feedback)
- Session variables not carrying over to next page (PHP)
- PHP/Mysql (PHP)
- question about connecting odbc to sql through php script (PHP)
- $rs=mysql_query($sql) or die("error in common.inc.php at line 257"); (PHP)
- How Can I Pass A PHP Variable From One .php page to another (PHP)
- WEIRD! php pages do not load unless i hit refresh (PHP)
- Zend PHP Certification (PHP)
- how can i used session and cookies ??? (PHP)
Other Threads in the PHP Forum
- Previous Thread: CAN TCPDF Convert URL To PDF?
- Next Thread: Login page
