943,708 Members | Top Members by Rank

Web Development > PHP > Session time out in PHP
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 140100
  • PHP RSS
You are currently viewing page 1 of this multi-page discussion thread
Permalink
May 16th, 2008
0

Session time out in PHP

Expand Post »
Hi All,
How can i set the session time out in PHP if the user stays inactive for a certain time in a web page.Please help me to solve this..

Thanks
Similar Threads
Reputation Points: 10
Solved Threads: 3
Light Poster
anish.anick is offline Offline
47 posts
since Jan 2008
Permalink
May 17th, 2008
0

Re: Session time out in PHP

PHP Syntax (Toggle Plain Text)
  1. session_start();
  2.  
  3. // 10 mins in seconds
  4. $inactive = 600; 
  5.  
  6. $session_life = time() - $_session['timeout'];
  7.  
  8. if($session_life > $inactive)
  9. {  session_destroy(); header("Location: logoutpage.php");     }
  10.  
  11. S_session['timeout']=time();
Reputation Points: 11
Solved Threads: 7
Junior Poster in Training
amigura is offline Offline
71 posts
since Jan 2008
Permalink
May 17th, 2008
0

Re: Session time out in PHP

I'd been looking for a solution to this problem as well and had no success with most of the suggestions I'd come across (namely those involving "session.gc.maxlifetime"). Maybe I was implementing them wrong or something...I don't know. But this solution from Amigura finally worked the way I wanted it to. Or it ALMOST did anyway. The following slight rewrite to Amigura's code worked perfectly:

PHP Syntax (Toggle Plain Text)
  1. session_start();
  2.  
  3. // set timeout period in seconds
  4. $inactive = 600;
  5.  
  6. // check to see if $_SESSION['timeout'] is set
  7. if(isset($_SESSION['timeout']) ) {
  8. 	$session_life = time() - $_SESSION['start'];
  9. 	if($session_life > $inactive)
  10.         { session_destroy(); header("Location: logoutpage.php"); }
  11. }
  12. $_SESSION['timeout'] = time();

At first the original code just kept redirecting me back to my login page because "$_SESSION['timeout']" didn't exist until after the inactivity check on the first page after login. And you obviously can't set the timeout variable just before you check for inactivity or it will never timeout. Once I added the check that makes sure the timeout variable exists before it checks for inactivity and corrected the typo where Amigura used an "S" instead of a "$," it worked like a champ. Thanks and I hope this helps others with the same problem.
Last edited by rockcreektech; May 17th, 2008 at 5:45 pm.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
rockcreektech is offline Offline
4 posts
since May 2008
Permalink
May 17th, 2008
0

Re: Session time out in PHP

yeah the isset would of helped
nice rewrite Rockcreektech apart from $_SESSION['start'] needs to be $_SESSION['timeout'];
Reputation Points: 11
Solved Threads: 7
Junior Poster in Training
amigura is offline Offline
71 posts
since Jan 2008
Permalink
May 17th, 2008
0

Re: Session time out in PHP

Oops

I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:

PHP Syntax (Toggle Plain Text)
  1. session_start();
  2.  
  3. // set timeout period in seconds
  4. $inactive = 600;
  5.  
  6. // check to see if $_SESSION['timeout'] is set
  7. if(isset($_SESSION['timeout']) ) {
  8. 	$session_life = time() - $_SESSION['timeout'];
  9. 	if($session_life > $inactive)
  10.         { session_destroy(); header("Location: logoutpage.php"); }
  11. }
  12. $_SESSION['timeout'] = time();

Thanks again Amigura.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
rockcreektech is offline Offline
4 posts
since May 2008
Permalink
May 28th, 2008
0

Re: Session time out in PHP

Hi all,

I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks

Mike


Click to Expand / Collapse  Quote originally posted by rockcreektech ...
Oops

I changed $_SESSION['timeout'] to $_SESSION['start'] on my own script. Then I decided I should probably keep it as close to yours as possible when I posted my rewrite on the site, but I forgot to change that one back apparently. The fully corrected code should be:

PHP Syntax (Toggle Plain Text)
  1. session_start();
  2.  
  3. // set timeout period in seconds
  4. $inactive = 600;
  5.  
  6. // check to see if $_SESSION['timeout'] is set
  7. if(isset($_SESSION['timeout']) ) {
  8. 	$session_life = time() - $_SESSION['timeout'];
  9. 	if($session_life > $inactive)
  10.         { session_destroy(); header("Location: logoutpage.php"); }
  11. }
  12. $_SESSION['timeout'] = time();

Thanks again Amigura.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
akumakeenta is offline Offline
1 posts
since May 2008
Permalink
May 30th, 2008
0

Re: Session time out in PHP

It needs to go on every page. And keep in mind this is only the timeout script...not the script that checks to make sure you're logged in. This just makes sure that if someone walks away after they logged in that they get logged back out. The complete script that I put at the top of every page on my site is this:

PHP Syntax (Toggle Plain Text)
  1. session_cache_expire( 20 );
  2. session_start(); // NEVER FORGET TO START THE SESSION!!!
  3. $inactive = 1200;
  4. if(isset($_SESSION['start']) ) {
  5. 	$session_life = time() - $_SESSION['start'];
  6. 	if($session_life > $inactive){
  7. 		header("Location: user_logout.php");
  8. 	}
  9. }
  10. $_SESSION['start'] = time();
  11.  
  12. if($_SESSION['valid_user'] != true){
  13. header('Location: ../index.php');
  14.  
  15. }else{

Notice that it's basically the timeout script (with a little modification) followed by a script that checks to see if the session variable "$_SESSION['valid_user']" is set to "true" and sends you back to the login page if it's not. Then all you have to do is set $_SESSION['valid_user'] to "true" when the person successfully logs in they'll have access to every page that has this at the top. But if they sit idle for longer the the value of $inactive (in my case 20 minutes) the session automatically gets destroyed which unsets $_SESSION['valid_user'] thus making it so they can't get back to the protected pages without logging in again.

I'm sure that was WAY more information than you were probably hoping for but maybe it'll help somebody. Good luck with it.

Click to Expand / Collapse  Quote originally posted by akumakeenta ...
Hi all,

I'm kinda newbie at this. But I was just wondering where are you placing this code? On every page? or just on the main login page, etc? Thanks

Mike
Last edited by rockcreektech; May 30th, 2008 at 10:23 pm.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
rockcreektech is offline Offline
4 posts
since May 2008
Permalink
Jul 15th, 2008
0

Re: Session time out in PHP

HI,

New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.

Any help will be greatly appreciated.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
leslieroberts is offline Offline
1 posts
since Jul 2008
Permalink
Jul 15th, 2008
0

Re: Session time out in PHP

hi roberts,
in login page we first write like this right
php Syntax (Toggle Plain Text)
  1. <?
  2. session_start(); 
  3. include('functions.php');
  4.  
  5. if($_SERVER['REQUEST_METHOD']=="POST"){
  6.  
  7. 	$qer="select * from users where username='".$_POST['username']."' and password='".$_POST['password']."'";
  8. 	$res=mysql_query($qer);
  9. 	$num=mysql_num_rows($res);
  10. 	if($num==0)
  11. 		{
  12. 			$msg=1;
  13. 		}
  14. 	else if($num==1)
  15. 		{
  16. 			session_unregister("user_name");
  17. 			session_register("user_name");
  18. 			$_SESSION['user_name']=$_POST['username'];
  19.  
  20. 			session_unregister("adminid");
  21. 			session_register("adminid");
  22. 			$_SESSION['userid']=getdata("user","id","username='".$_POST['username']."' and password='".$_POST['password']."'");
  23.  
  24. 			echo'<script language="javascript">window.location.href="welcome.php";</script>';
  25. 		}
  26. }
  27. ?>
so,every time user forget to log out the session will destroy after sometime
and the method u want to use ""What it now is stay in the secured area and then when you click on another link it goes to the login page" is really unsafe and as mentioned u can set session destroy time
Last edited by peter_budo; Jul 15th, 2008 at 6:34 am. Reason: Keep It Organized - please use [code] tags
Reputation Points: 21
Solved Threads: 29
Posting Whiz in Training
praveen_dusari is offline Offline
202 posts
since Jun 2008
Permalink
Jul 16th, 2008
0

Re: Session time out in PHP

Leslie,

You'll notice in the script that, if the session has reached the timeout period, a page refresh or trying to go to another secure page will destroy the session then cause the browser to redirect to a file called "logoutpage.php". This could just as easily be "loginpage.php" or anywhere else you might want it to go. Then if you want to make it so that the user cannot accidentally leave secure information visible on screen indefinitely until someone tries to refresh or access another page then all you'd have to do is put something like:

PHP Syntax (Toggle Plain Text)
  1. <meta http-equiv="refresh" content="605">

into the html part of your secure pages. This will force the browser to refresh the page 5 seconds after my 600 second (10 minute) timeout interval, thus causing the session to be destroyed and the browser to redirect to "logoutpage.php" automatically without a human needing to be present. Of course you can set the times for whatever you want, just as long as the refresh time (content="605" in this case) is longer than the timeout period. Otherwise the browser would automatically keep the session alive forever.

Click to Expand / Collapse  Quote originally posted by leslieroberts ...
HI,

New to PHP coding and tried the timeout code which works, but I would like it to, after the session destroy, automatically go to the login page. What it now is stay in the secured area and then when you click on another link it goes to the login page. Say the user has private information that they have displaying and forgot to log off. It will sit there until one tries to access another page.

Any help will be greatly appreciated.
Last edited by rockcreektech; Jul 16th, 2008 at 12:54 am.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
rockcreektech is offline Offline
4 posts
since May 2008
Message:
Previous Thread in PHP Forum Timeline: Writing data to rtf file
Next Thread in PHP Forum Timeline: Display Rows in different sections





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC