 |  |  |  |  |  |  |  |
Session time out in PHP
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Hi All,
How can i set the session time out in PHP if the user stays inactive for a certain time in a web page.Please help me to solve this..
Thanks
How can i set the session time out in PHP if the user stays inactive for a certain time in a web page.Please help me to solve this..
Thanks
•
•
Join Date: Jan 2008
Posts: 71
Reputation: 
Solved Threads: 7
Junior Poster in Training
PHP Syntax (Toggle Plain Text)
I'd been looking for a solution to this problem as well and had no success with most of the suggestions I'd come across (namely those involving "session.gc.maxlifetime"). Maybe I was implementing them wrong or something...I don't know. But this solution from Amigura finally worked the way I wanted it to. Or it ALMOST did anyway. The following slight rewrite to Amigura's code worked perfectly:
At first the original code just kept redirecting me back to my login page because "$_SESSION['timeout']" didn't exist until after the inactivity check on the first page after login. And you obviously can't set the timeout variable just before you check for inactivity or it will never timeout. Once I added the check that makes sure the timeout variable exists before it checks for inactivity and corrected the typo where Amigura used an "S" instead of a "$," it worked like a champ. Thanks and I hope this helps others with the same problem.
PHP Syntax (Toggle Plain Text)
At first the original code just kept redirecting me back to my login page because "$_SESSION['timeout']" didn't exist until after the inactivity check on the first page after login. And you obviously can't set the timeout variable just before you check for inactivity or it will never timeout. Once I added the check that makes sure the timeout variable exists before it checks for inactivity and corrected the typo where Amigura used an "S" instead of a "$," it worked like a champ. Thanks and I hope this helps others with the same problem.
Last edited by rockcreektech; May 17th, 2008 at 5:45 pm.
•
•
Join Date: Jan 2008
Posts: 71
Reputation:
Solved Threads: 7
Junior Poster in Training
yeah the isset would of helped 
nice rewrite Rockcreektech apart from $_SESSION['start'] needs to be $_SESSION['timeout'];
nice rewrite Rockcreektech apart from $_SESSION['start'] needs to be $_SESSION['timeout'];
Oops
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
Thanks again Amigura.
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
PHP Syntax (Toggle Plain Text)
Thanks again Amigura.
Hi all,
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
•
•
•
•
Originally Posted by rockcreektech 
Oops
I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:
PHP Syntax (Toggle Plain Text)
Thanks again Amigura.
It needs to go on every page. And keep in mind this is only the timeout script...not the script that checks to make sure you're logged in. This just makes sure that if someone walks away after they logged in that they get logged back out. The complete script that I put at the top of every page on my site is this:
Notice that it's basically the timeout script (with a little modification) followed by a script that checks to see if the session variable "$_SESSION['valid_user']" is set to "true" and sends you back to the login page if it's not. Then all you have to do is set $_SESSION['valid_user'] to "true" when the person successfully logs in they'll have access to every page that has this at the top. But if they sit idle for longer the the value of $inactive (in my case 20 minutes) the session automatically gets destroyed which unsets $_SESSION['valid_user'] thus making it so they can't get back to the protected pages without logging in again.
I'm sure that was WAY more information than you were probably hoping for
but maybe it'll help somebody. Good luck with it.
PHP Syntax (Toggle Plain Text)
Notice that it's basically the timeout script (with a little modification) followed by a script that checks to see if the session variable "$_SESSION['valid_user']" is set to "true" and sends you back to the login page if it's not. Then all you have to do is set $_SESSION['valid_user'] to "true" when the person successfully logs in they'll have access to every page that has this at the top. But if they sit idle for longer the the value of $inactive (in my case 20 minutes) the session automatically gets destroyed which unsets $_SESSION['valid_user'] thus making it so they can't get back to the protected pages without logging in again.
I'm sure that was WAY more information than you were probably hoping for
but maybe it'll help somebody. Good luck with it.•
•
•
•
Originally Posted by akumakeenta
Hi all,
I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks
Mike
Last edited by rockcreektech; May 30th, 2008 at 10:23 pm.
HI,
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
•
•
Join Date: Jun 2008
Posts: 174
Reputation:
Solved Threads: 22
Junior Poster
hi roberts,
in login page we first write like this right
so,every time user forget to log out the session will destroy after sometime
and the method u want to use ""What it now is stay in the secured area and then when you click on another link it goes to the login page" is really unsafe and as mentioned u can set session destroy time
in login page we first write like this right
php Syntax (Toggle Plain Text)
and the method u want to use ""What it now is stay in the secured area and then when you click on another link it goes to the login page" is really unsafe and as mentioned u can set session destroy time
Last edited by peter_budo; Jul 15th, 2008 at 6:34 am. Reason: Keep It Organized - please use [code] tags
Failure is success if we learn from it
Leslie,
You'll notice in the script that, if the session has reached the timeout period, a page refresh or trying to go to another secure page will destroy the session then cause the browser to redirect to a file called "logoutpage.php". This could just as easily be "loginpage.php" or anywhere else you might want it to go. Then if you want to make it so that the user cannot accidentally leave secure information visible on screen indefinitely until someone tries to refresh or access another page then all you'd have to do is put something like:
into the html part of your secure pages. This will force the browser to refresh the page 5 seconds after my 600 second (10 minute) timeout interval, thus causing the session to be destroyed and the browser to redirect to "logoutpage.php" automatically without a human needing to be present. Of course you can set the times for whatever you want, just as long as the refresh time (content="605" in this case) is longer than the timeout period. Otherwise the browser would automatically keep the session alive forever.
You'll notice in the script that, if the session has reached the timeout period, a page refresh or trying to go to another secure page will destroy the session then cause the browser to redirect to a file called "logoutpage.php". This could just as easily be "loginpage.php" or anywhere else you might want it to go. Then if you want to make it so that the user cannot accidentally leave secure information visible on screen indefinitely until someone tries to refresh or access another page then all you'd have to do is put something like:
PHP Syntax (Toggle Plain Text)
into the html part of your secure pages. This will force the browser to refresh the page 5 seconds after my 600 second (10 minute) timeout interval, thus causing the session to be destroyed and the browser to redirect to "logoutpage.php" automatically without a human needing to be present. Of course you can set the times for whatever you want, just as long as the refresh time (content="605" in this case) is longer than the timeout period. Otherwise the browser would automatically keep the session alive forever.
•
•
•
•
Originally Posted by leslieroberts
HI,
New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.
Any help will be greatly appreciated.
Last edited by rockcreektech; Jul 16th, 2008 at 12:54 am.
|
Similar Threads
- Time in php? (PHP)
- Session time limit (DaniWeb Community Feedback)
- Session variables not carrying over to next page (PHP)
- PHP/Mysql (PHP)
- question about connecting odbc to sql through php script (PHP)
- $rs=mysql_query($sql) or die("error in common.inc.php at line 257"); (PHP)
- How Can I Pass A PHP Variable From One .php page to another (PHP)
- WEIRD! php pages do not load unless i hit refresh (PHP)
- Zend PHP Certification (PHP)
- how can i used session and cookies ??? (PHP)
Other Threads in the PHP Forum
- Previous Thread: Show pdf file in web page
- Next Thread: Automatic thumbnail creation
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
ajax apache api array back basic beginner binary broken cakephp checkbox class cms code computing confirm cron curl database date delete display dynamic echo email error file files filter folder form forms function functions gc_maxlifetime google host href htaccess html iframe image include insert integration ip java javascript joomla limit link login loop mail malfunction memmory memory menu mlm multiple mysql navigation oop parsing paypal pdf php problem query radio random recursion regex remote script search server sessions sms snippet soap source space sql syntax system table thesishelp trouble tutorial update upload url validation validator variable video web xml youtube
