Daevid Vincent wrote: >> -----Original Message----- >> From: Google Kreme [mailto:gkreme@xxxxxxxxx] > > Is that *really* your name?! :) > >> The trouble comes when you >> need to time-out a session because someone never logged out >> properly. That can be hairy. > > Yeah, it's so hard to do that subtraction... you can only forcefully log someone out if they actually make a(nother) request - if they are logged in and then never visit the site again then you can't actually 'log them out' [at least not using the info stored in the relevant session file. the best you could do is run a 'cronjob' that periodically sets 'idle' logged in users as being logged out. not that the OP wanted to log the login and the logout of the user - your code below doesn't cover that. > > ------------------------8< snip >8--------------------------- > <?php > require_once('classes/user.php'); // defines a class that needs to be > de-serialized in the session. > session_start(); //this must be called at the top of every page anyways. > // user.php included above is needed so the session can instantiate the User > object. > > if ( !is_bool($_SESSION['login']) || $_SESSION['login'] != true ) //we > specifically test 'true' here and boolean. > { > > exit("<SCRIPT>location.href='/index.php?page=".base64_encode($_SERVER['REQUE > ST_URI'])."';</SCRIPT>"); > } > else > { > SQL_DB ($_SESSION['companydb']); // Connect to their default > V2_Database > SQL_QUERY("UPDATE ".$_SESSION['companydb'].".Users SET LastAccessed > = NOW() WHERE CoreID = '".$_SESSION['coreid']."' LIMIT 1"); > > if ((!isset($_COOKIE['sid']) && (time() - $_SESSION['last_access'] >> = $_SESSION['login_timeout'])) ) > { > echo "<script>alert('Your session has been idle for > > ".$_SESSION['login_timeout']." > seconds.');location.href='./index.php';</script>"; > require_once("/your/path/htdocs/index.php"); > exit; > } > > $_SESSION['last_access'] = time(); > } > ?> > > And in case you wonder why I store the base64 of the current page, it's so > that after you authenticate them, you can gracefully pass them on to where > they were trying to go (if they weren't logged in, or had timed out), > complete with all $_GET parameters in tact... > > if ($_REQUEST['page']) > header("Location: ".base64_decode($_REQUEST['page'])); > else > header("Location: some_other_page.php"); > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
