> > > So I was thinking on implementing some sort of automatic session
refresh
> > > after a short period, let's say every 20 minutes of inactivity.
> > >
> > > And of course I should provide the users with a manual way to make
> > > session end, sort of a logout from the application.( no problem with
> > > that)
> > >
> > > My question is:
> > >
> > > Is there a way to set sort of a timer as to invoke an
hipothetical
> > > "refresh_session.php" without reloading the current page on the
client?
> > >
> > > Thanks
> > > Mauricio.
Below is some code, in four parts, to do this with JavaScript's
setTimeout() function. Since it is JavaScript, this will not work in
browsers that don't support JavaScript or browsers in which the user has
disabled JavaScript. Good luck!
Kirk
/* Part 1: Add this script to your page. */
// After 14 minutes on a single page a new window is opened, warning the
// user that their session is about to expire. The user can then choose
// to continue or end their session by pushing a button. The pop-window
// will kill all Session info, redirect the main window to the
// login page, and then close itself if the user decides to end the
// session or, if after 58 seconds, the user has taken no action.
<script>
// 840000 ms = 14 minutes
setTimeout('sessionPop()', 840000);
</script>
/* Part 2: Have this JS function defined somewhere accessible by your page
*/
// function sessionPop()
// called by setTimeout function in ./include/footer.inc
// Does the following....
// 1. Open new window
// 2. Write the HTML to the window. It is done this way so that there is
no trip
// to the server which could result in the Session being refreshed.
function sessionPop() {
x = window.open('', 'check', 'height=200, width=400, titlebar=yes,
status=no, toolbar=no, menubar=no, location=no, resizable=yes,
scrollbars=no');
x.document.write('<html><head><title>Session About To
Expire</title></head><body><img src="./images/some_logo.gif" width="58"
height="50"><p>Do you want to extend your session?<form
action="logout.php" method="post" name="refreshSess"
id="refreshSess"><input type="submit" name="sessionRefresh" value="Yes.
Extend Session"> <input type="button" value="No. Logout"
onClick="window.opener.location = \'logout.php\';
window.close();"></form></body><script>function timeOut()
{window.opener.location = "logout.php"; window.close();}
setTimeout("timeOut()", 58000);</script></html>');
// Need to reset the timer so the user will continue
// to get the pop-up when they choose to extend the session
// 840000 ms = 14 minutes
setTimeout('sessionPop()', 840000);
/* Part 3: Here is the content of logout.php */
<?
/*
logout.php is the handler for the form POST from the pop-up window
generated by the javascript function 'sessionPop()' contained in
./include/jsFunctions.js.
logout.php can also be arrived at from redirection due to a Session
Timout on any application page.
*/
// sessionRefresh is the submit button to continue the Session.
// If we get sessionRefresh in the POST close the window. POSTing
// to the page keeps the Session alive.
// Otherwise, this page has been reloaded from a redirect so kill
// all Session info and redirect to home page.
if (!$HTTP_POST_VARS["sessionRefresh"]) {
// Kill all current session info
kill_session();
header("Location: $someURL");
} else {
?>
<html>
<head>
<title> </title>
<script language="JavaScript">
<!--
window.close();
//-->
</script>
</head>
<body>
</body>
</html>
/* Part 4: Here is the definition of PHP function kill_session() */
function kill_session()
{
$name = session_name();
session_unset();
session_destroy();
setcookie($name, '', (time() - 2592000), '/', '', 0);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
