Hi,
I have a small code for auto session time out, which logs out a user upon a
session timeout, i want to get him back to the page he was on, before the
session time out..
<?php
ob_start();
session_start();
if(!isset($_SESSION['username']))
{
header("Location:index.php");
}
$vinkuser=$_SESSION['username'];
//echo $vinkuser;
//echo $_SERVER['start']; // set timeout period in seconds
$inactive = 100; // check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) )
{
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{
$go=$_SERVER['HTTP_REFERER'];
session_destroy();
header("Location:index.php?go=$go");
}
}
$_SESSION['timeout'] = time();
?>
But once the user is logged out by script after inactivity, he has to login
and then he goes back to the home page, i want to send the user back to the
page he was last accessing from which he got logged out.
I tried to use a $go variable and then from login page, send him to that
page, but now i am thinking this might not be a secure way of doing it,
since someone could just replace the location url and gain access to the
username and pswd?
Thanks,
Vinay
