> -----Original Message-----
> From: Google Kreme [mailto:gkreme@xxxxxxxxx]

Is that *really* your name?! :)

> The trouble comes when you
> need to time-out a session because someone never logged out
> properly. That can be hairy.

Yeah, it's so hard to do that subtraction...

------------------------8< snip >8---------------------------

<?php
require_once('classes/user.php'); // defines a class that needs to be de-serialized in the session.
session_start(); // this must be called at the top of every page anyways.
// user.php included above is needed so the session can instantiate the User object.

if ( !isset($_SESSION['login']) || !is_bool($_SESSION['login']) || $_SESSION['login'] != true ) // we specifically test 'true' here and boolean.
{
    // urlencode() keeps the '+', '/' and '=' of the base64 text intact in the query string.
    exit("<SCRIPT>location.href='/index.php?page=".urlencode(base64_encode($_SERVER['REQUEST_URI']))."';</SCRIPT>");
}
else
{
    SQL_DB ($_SESSION['companydb']); // Connect to their default V2_Database
    SQL_QUERY("UPDATE ".$_SESSION['companydb'].".Users SET LastAccessed = NOW() WHERE CoreID = '".$_SESSION['coreid']."' LIMIT 1");

    // No 'sid' cookie and idle for longer than the configured timeout: send them back to the login page.
    if ((!isset($_COOKIE['sid']) && (time() - $_SESSION['last_access'] >= $_SESSION['login_timeout'])) )
    {
        echo "<script>alert('Your session has been idle for > ".$_SESSION['login_timeout']." seconds.');location.href='./index.php';</script>";
        require_once("/your/path/htdocs/index.php");
        exit;
    }

    $_SESSION['last_access'] = time();
}
?>

And in case you wonder why I store the base64 of the current page, it's so that after you authenticate them, you can gracefully pass them on to where they were trying to go (if they weren't logged in, or had timed out), complete with all $_GET parameters intact...

if (!empty($_REQUEST['page']))
    header("Location: ".base64_decode($_REQUEST['page']));
else
    header("Location: some_other_page.php");

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
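
The redirect at the end of the post sends the browser to whatever `page` decodes to, and that value comes from the request. As an added example (not part of the original post), one way to accept the decoded value only when it is a path on the same site; `safe_return_path()` is a hypothetical helper name and the sample inputs are constructed:

```php
<?php
// Added example, not from the original post. safe_return_path() is a hypothetical name.
// Returns the decoded "page" value only if it is a site-relative path, else the fallback.
function safe_return_path($encoded, $fallback = 'some_other_page.php')
{
    if (!is_string($encoded) || $encoded === '') {
        return $fallback;
    }
    // Strict mode returns false for invalid base64 instead of silently skipping bad characters.
    $path = base64_decode($encoded, true);
    if ($path === false || $path === '') {
        return $fallback;
    }
    // Control characters (CR/LF included) have no place in a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $path)) {
        return $fallback;
    }
    // Must start with exactly one "/": "//host" is a scheme-relative URL to another host.
    if ($path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $fallback;
    }
    // Some browsers normalise "\" to "/", so "/\host" can also leave the site.
    if (strpos($path, '\\') !== false) {
        return $fallback;
    }
    return $path;
}

// Constructed sample inputs standing in for $_REQUEST['page'].
$samples = array(
    base64_encode('/reports.php?id=7&sort=date'), // what the login check stores: accepted
    base64_encode('https://other.example/login'), // absolute URL: fallback
    base64_encode('//other.example/login'),       // scheme-relative URL: fallback
    base64_encode("/index.php\r\nX-Test: 1"),     // embedded CR/LF: fallback
    'not base64 !!',                              // fails strict decoding: fallback
);
foreach ($samples as $s) {
    echo safe_return_path($s), "\n";
}

// In the login handler, after authentication succeeds:
// header('Location: ' . safe_return_path(isset($_REQUEST['page']) ? $_REQUEST['page'] : ''));
// exit;
```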