I have created a script login.php, and there I have created a session variable named logged_in:
$_SESSION['logged_in'] = true;
I am unable to figure out a way to redirect to my logout.php after the session expires due to inactivity. Also, where should I put the code that expires this session variable? I have Googled the bug and what it suggests is to tweak the php.ini file in most of the articles. However, I came across an article saying that it is not the best practice.
I found the following code on StackOverflow, yet I have no idea where to put it:
<?php
if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>
I would like to know the best way to redirect after the session expires, and suggestions for where to put the code.
Edit: I forgot to mention that I want to know how to manually set a time for the session to expire.
Thank you in advance.
The session inactivity timeout setting represents the amount of time a user can be inactive before the user's session times out and closes. It only affects user browser sessions. You can set the values from 5 minutes to 60 minutes. This function has a default value of 30 minutes.
I implemented a solution for this: The client will "ping" the server at intervals of less than the session timeout which will reset the session timer. This is known as the Heartbeat design pattern (I couldn't find a decent site/page to link to)... +1 not only because it's a good solution, but also for the groovy title.
Absolute session timeout is a recommended security feature, while idle session timeout is mainly a resource management feature. Absolute session timeout requires all Spotfire users to log in to the program again after the configured amount of time.
User has been inactive for more than the specified time and the session has timed out. User has been disconnected from the internet mid-session. User has logged in on a different machine while the initial session is still active. The session on the first machine will expire.
If you want to log out the user if they try to load a page when they've been inactive for too long, you should put this code at the top of every PHP file (before ANY other HTML tags):
if ($_SESSION['last_activity'] < time() - $_SESSION['expire_time']) { // have we expired?
    // redirect to logout.php
    header('Location: http://yoursite.com/logout.php'); // change yoursite.com to the name of your site!!
    exit; // stop the script here, otherwise the rest of the page is still executed and sent
} else { // if we haven't expired:
    $_SESSION['last_activity'] = time(); // this was the moment of last activity.
}
Also, put this code at the top of the page where you land when you've successfully logged in:
$_SESSION['logged_in'] = true; //set you've logged in
$_SESSION['last_activity'] = time(); //your last activity was now, having logged in.
$_SESSION['expire_time'] = 3*60*60; //expire time in seconds: three hours (you must change this)
On that page you don't have to include the checking code I gave you first.
By the way, don't forget to add <?php tags correctly!
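An added example, not part of the original answer: one include file that applies the answer's last-activity check together with an absolute session limit, clears the session on the server, and stops the script after the redirect. The file name session_guard.php, the function names, the created_at key and both limit values are assumptions.

```php
<?php
// session_guard.php (hypothetical file name): require this at the top of every
// protected page, before any output is sent.

const IDLE_LIMIT     = 10 * 60;     // assumed: seconds of inactivity allowed
const ABSOLUTE_LIMIT = 3 * 60 * 60; // assumed: maximum session age in seconds

/** Pure policy check, kept separate so it can be tested without a live session. */
function session_is_expired(array $s, int $now): bool
{
    if (empty($s['logged_in']) || !isset($s['last_activity'], $s['created_at'])) {
        return true; // not logged in, or markers missing: treat as expired
    }
    return ($now - $s['last_activity']) > IDLE_LIMIT
        || ($now - $s['created_at']) > ABSOLUTE_LIMIT;
}

/** Call once from login.php, after the credentials have been verified. */
function session_mark_login(): void
{
    session_regenerate_id(true); // issue a fresh session ID at login
    $_SESSION['logged_in']     = true;
    $_SESSION['created_at']    = time(); // start of the absolute limit
    $_SESSION['last_activity'] = time(); // start of the idle limit
}

/** Call at the top of every protected page. */
function session_enforce_timeout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_is_expired($_SESSION, time())) {
        $_SESSION = [];      // drop the server-side data immediately
        session_destroy();
        header('Location: /logout.php');
        exit;                // nothing below this line is executed or sent
    }
    $_SESSION['last_activity'] = time(); // activity seen: restart the idle clock
}
```

logout.php itself must not call session_enforce_timeout(), or it would redirect to itself.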