This is what I use. I don't know if it is the safest ever but it works for me. I use OOP so if you are using procedural (non-OOP), just remove the "class", "protected" and "public".
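<?php
class Sessions {
    // Sets the timer to 20 minutes. This is called when the user logs in.
    // session_start() must already have been called on the page.
    protected function setSessionTimer() {
        $_SESSION["TIMER"] = time() + 1200;
    }

    public function checkSessionTimer() {
        // A missing timer (no login yet) is treated the same as an expired one.
        if (isset($_SESSION["TIMER"]) && $_SESSION["TIMER"] > time()) {
            // Resets the timer back to 20 minutes. This is called on every other page,
            // except for the initial, authentication and logout pages.
            $_SESSION["TIMER"] = time() + 1200;
        } else {
            header("Location: http://www.yourPageHere.com/logOut.php");
            // Stop here; without exit the rest of the protected page is still
            // executed and sent after the redirect header.
            exit;
        }
    }
}
?>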
I also use a JavaScript "setTimeout( )" function on my pages just in case one doesn't work, then the other will.
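<?php
class JavaScript {
    // Prints a <script> block that schedules $codeToBeCalled after $time milliseconds.
    // The arguments are written into the page unescaped, so pass only fixed
    // strings from your own code, never request data.
    public function setTimeout($variableName, $codeToBeCalled, $time) {
        print("<script>\n");
        print("var " . $variableName . " = setTimeout(\"" . $codeToBeCalled . "\", " . $time . ");\n");
        print("</script>\n");
    }
}
?>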
I call the JavaScript function like this: setTimeout("logoutTimer", "window.location.href = 'http://www.yourPageHere.php/logOut.php'", 20 * 60 * 1000);
Just my two cents. Hope it helps some.
P.S. If you find a better way please share it with us.
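Added example, not part of the original post: a server-side version of the 20-minute idle timeout that also destroys the session data and cookie on expiry, so the logout does not depend on the browser running the JavaScript timer. The function names, the `LOGIN_AT` and `LAST_SEEN` keys, the 8-hour absolute limit and the relative `/logOut.php` path are assumptions made for this sketch.

```php
<?php
// Added example, not the poster's code. Names and limits below are assumptions.
const IDLE_LIMIT     = 1200;   // 20 minutes of inactivity, as in the post
const ABSOLUTE_LIMIT = 28800;  // assumed hard cap on total session age (8 hours)

// Pure check: takes the session array and a clock value so it can be unit-tested.
function sessionIsLive(array $session, int $now): bool {
    if (!isset($session['LOGIN_AT'], $session['LAST_SEEN'])) {
        return false;  // never logged in, or the session was tampered with
    }
    return ($now - $session['LAST_SEEN']) <= IDLE_LIMIT
        && ($now - $session['LOGIN_AT']) <= ABSOLUTE_LIMIT;
}

// Call once, right after the credentials have been verified.
function markLogin(): void {
    session_regenerate_id(true);  // fresh ID, so a pre-login session ID is useless
    $_SESSION['LOGIN_AT'] = $_SESSION['LAST_SEEN'] = time();
}

// Remove the server-side data and expire the session cookie in the browser.
function destroySession(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page, before any output is sent.
function requireLiveSession(string $logoutUrl = '/logOut.php'): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!sessionIsLive($_SESSION, time())) {
        destroySession();
        header('Location: ' . $logoutUrl);
        exit;  // without this the protected page would still be rendered
    }
    $_SESSION['LAST_SEEN'] = time();  // sliding idle window
}
```

The JavaScript timer from the post can stay as a convenience that moves an idle browser to the logout page; the server-side check is what actually ends the session.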