Store the last time someone accessed their session into the $_SESSION
array then when requesting a protected page just check x amount of time
has not passed, if x amount has time has passed redirect to a login page
or re-enter their user password
small example you would use on the top of every page,
session_start();
if(isset($_SESSION['timeout'])) {
if(time() > $_SESSION['timeout']) {
// session has expired, redirect to login...
} else {
// reset the timeout time...
$_SESSION['timeout'] = time() + 3600;
}
} else {
$_SESSION['timeout'] = time() + 3600;
}
James
Adrian Bruce wrote:
Hi
I currently use an automatic logout out system that sets a time out in
two ways.
(If the ip address on computer is recognized then set timeout to 10
mins, if not then set to 2 mins.)
1) The time out setting is used to create a meta refresh tag that will
re-direct the user to the logout page after X seconds. 2) At the
beginning of each page i set a variable with the current time and check
to see if the difference between the previously set variable and the now
current time is greater than X seconds, if so then log the user out.
I know meta refresh is not to be relied on and that is why i use the 2nd
method as well, but i have had varied reports that this system does not
work, i.e. it logs people out to quickly.
Does anyone know a better way of doing this or improvements?? it would
also be nice to stop the pages displaying after a time out when a user
presses the back button!
Thanks a lot in advance
Adrian
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
