Hello to all frihosters.................
I just like to ask regarding the session expiration because im just wondering if how to expire a session when the computer does not use int about 5 minutes.. if you see in yahoo mail that when you log in into the yahoo mail and after that you didn't touch your pc after 5 minutes then once you click for message the yahoo message sent that session expire... Can you tell me how to do it.. on how to automatic expire a login user when it status idle about 5 minutes or more... thanks....
PHP doesn't do this automatically AFAIK, you'll have to code it yourself. It requires using a database and session IDs. I will post some example code later.
| qscomputing wrote: |
| PHP doesn't do this automatically AFAIK, you'll have to code it yourself. It requires using a database and session IDs. I will post some example code later. |
can you help me how to do it.. thanks!At a basic level you could log the timestamp of the users actions and each time a page is loaded you can compare the saved timestamp and if it is more than 300seconds old then log the user out before running the page. A session_destroy() would do it I think.
eg.
| Code: |
$result = mysql_query("SELECT last_access FROM usertable WHERE username='$current_user';");
$row = mysql_fetch_assoc($result);
$last_access=$row['last_access'];
if ((time()-$last_access)>300) {
session_destory();
}
|
Assumming you use the session to read in the username or id or something at the start of the script.
I think that PHP might end a session itself but if it does its probably 30minutes or an hour or something. Not 100% sure though.
Hope that helps.
David.[/code] Well, I if I understand what you're asking, then you can edit how long a session lasts.
Before the session_start() function is declared, set the ini directive session.cookie_life to whatever you want.
| Code: |
<?php
// Adjust the life of a session.
// It is in seconds, so change to your liking.
ini_set("session.cookie_life", 60 * 5); // 60 * 5 would make it five minutes.
?> |
Is that what you mean? It sounds like Bladesage's suggestion would work. My only concern would be, does that set the lifetime from when the cookie is originally set, or does it refresh every time a page is loaded? I'm sure you could work it so that it does the latter (which sounds like what the OP wants)...
But, here's another solution. Similar to Powers' solution, but I would log the timestamp in the $_SESSION variable itself instead of the database. Since you're talking about short term time, and it will only last for the current session, it seems to be unnecessary load on the DB to store the info there. Also you would be accessing the database only to find out that you didn't need to access the database...
Anyhow, once the user logs in and you create the $_SESSION variable, add this line...
| Code: |
| $_SESSION['access'] = time() |
Then, at the top of every page when you check to see if the user is logged in, add this snippet to check if the user has accessed a page within 5 minutes.
| Code: |
if ((time() - $_SESSION['access']) < 300)
$_SESSION['access'] = time();
else
// Insert code to reset the $_SESSION variable
// Send the user back to the log-in script
|
Each page then refreshes the last access time. As long as the user doesn't wait more than five minutes between loading pages, he will stay logged in. If he is idle for five minutes or longer, he will be logged out and sent to the log in page.
Good luck,
- Walkere I guess I should've posted here earlier... I've already sent a code sample to the OP that does what he wanted. I didn't post it here because it is rather long.
