You could simply validate the user with
session_start();
$tbaged = false;
if (isset($_SESSION['user_id'])) {
$user = new User($_SESSION['user_id']);
$tbaged = true;
else {
$login = $_REQUEST['screename'];
$password = $_REQUEST['pword'];
$login = clean($login);
$password = clean($pword);
$user = checkLogin($login,$pword);
if (!is_null($user)) {
$tbaged = true;
}
}
if (!$tbaged) {
session_destroy();
die("You are not logged in.");
}
-----Original Message-----
From: Tomas Telensky [mailto:tomas@xxxxxxxxx]
Sent: Monday, November 12, 2007 12:20 PM
To: php-general@xxxxxxxxxxxxx
Subject: Trigger an action on session timeout - feature request?
Hi,
Is there any possibility to trigger an action when the session is inactive
for some time? I need to log users' login and logout, and so I need to know
about logouts caused by timeout. Neither there seems to be a possibility
of a workaround like walking through all my sessions for timeouted ones
and destroy them myself.
I have searched through the PHP doc and didn't found anything. So probably
this is a feature request. Where should I post it? PHP's bug reporting
system,
unlike many common bug reporting systems, doesn't seem to distinguish
between bugs and feature requests.
I think this concept of being possible to define something like
custom "session destructor" is obvious and useful enough to be worth
implementing to PHP.
Thanks for help,
Tomas
--
"No Software Patents!" -- Allowing patents over software ideas will
seriously affect the Creativity, Productivity and Freedom of all.
Link: http://www.nosoftwarepatents.com/
--
Defend your freedom by signing a petition.
Link: http://petition.eurolinux.org/index_html?LANG=en
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
