Hi,
I am developing a website using PHP.There is a page which I am supposed
to do session time out after 1 minute and whenever any >action
is to be performed after 1 minute , it will be not able to perform that
and hence session expire should be posed.
Awaiting for your assistance.
There are many ways to skin this particular cat.
I have used two types of methods in the past to tackle this problem
before.
Firstly, you can actually send in the HTTP headers the expiration time
for your Cookie
http://php.net/manual/en/ref.session.php#ini.session.cookie-lifetime
This implies you using something like:
session_set_cookie_params(lifetime in seconds);
Via this method you have some reliability but it is dependant on certain
other factors.
You could use this method and in your session cookie also add a
timestamp of time() when it is created initially..
Then you could simply compare this timestamp at next page load and if it
passes 60 seconds then you can simply unset the SESSION in question..
Easy
Orrr... My current "login/timeout" principle I use at the moment has a
somewhat larger time interval [say 1 hour to 12] depending on
application of timeout and works via a mysql DB entry.
For example users joining a clients site I am working on:
http://befitcommunity.com , via the signup system will have 1 hour
between starting the registration process and reaching step 4
[completion]. Also, any page reload you do in the process [or submission
of one of the steps] will re-'touch' this timeout value and reset your
timer for another hour.
It is designed to ensure users don't attempt hogging a username or email
address, etc and not completing a signup then waiting for my cron/php
library cleanup script to sort it out later..
I figure if someone can't bother or wasn't able to [in honest fashion,
ie. computer crash, browser client frozen, Windows machine, hahahahah
that was a good one] finish the application, there should be a mechanism
to free up the user and email address and details etc without waiting
many hours or days.
This is done because of the amount of data I collect in my signup
process, I happen to actually "buffer" or cache the new signups step by
step into the database progressively as more details come in, linking
each page via a group of common session elements to reference which user
account I am working with.
it works fantastically well... I also implement a mysql timeout system
with registrations that haven't been activated within 72 hours [clicking
link in email or copy-pasting confirmation code] and same with other
certain expired conditions.
Basically i just check to see if it is a new signup, or if they are in
the process of progressing through the signup [easily determined by my
session vars and their values], if they are IN a signup process it
checks the stored mysql datetime/timestamp of last "refresh" or submit
and if it hasn't passed one hour then it just "touch"es it to NOW().
Otherwise it unsets all the session vars in question and prints error
timeout page..
Let me know how it goes. or hit me up for clarification
Regards,
Vinod.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.392 / Virus Database: 268.5.6/339 - Release Date: 14/05/2006
[Index of Archives]
[PHP Users]
[PHP Home]
[PHP on Windows]
[Kernel Newbies]
[PHP Classes]
[Postgresql]
[PHP Books]
[PHP Databases]
[PHP SOAP]
