Menu
i am using the following technique...
From the login.php the form posts to the page check.php where i do this
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
$result = mysql_query("SELECT * FROM accounts WHERE user_Name='$uzer' AND user_Pass='$pass'");
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
and on loggedin.php page the first thing i do is
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) )
{
header("Location:login.php");
}
else
{
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
but once logged in when i directly type the url localhost\myProject\loggedin.php it displays the page...which makes perfect sense because the session has started
what i want to implement is
WHAT DO I NEED TO DO OR LEARN
443
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
By default, a session in PHP gets destroyed when the browser is closed. Session timeout can be customized, to make the user's page inactive after a fixed time. Starting session: The PHP, session_start() function is used to start a session in the web page.
The timeout limit of the session can be set by setting the value of two directives in the php. ini file or using the ini_set() function in the PHP script. The directives are given below. It is used to set the time limit in seconds to store the session information in the server for a long time.
Store a timestamp in the session:
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
// Hey, always escape input if necessary!
$result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($uzer), mysql_real_escape_string($pass));
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
$_SESSION['login_time'] = time();
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
Check if the timestamp is within the allowed time window (600 seconds is 10 minutes):
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 600)
{
header("Location:login.php");
}
else
{
// uncomment the next line to refresh the session, so it will expire after ten minutes of inactivity, and not 10 minutes after login
//$_SESSION['login_time'] = time();
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
