Page 1 of 1

How can I add a session timeout to my code ?

Posted: Wed Jul 07, 2010 2:26 pm
by VR-Fox
I have a login page and have added session variables to each of my pages in my site in order to verify that the user is logged in and has access to pages, I also have a logout page that destroys the session variable for the user logged in when they log out to keep things secure. However I wish to add a timeout for my user session variable for say 5 min so that if they walk away from there computer they will automatically be logged out after 5 min of inactivity. I have tried a few php session variable timeout scripts from the web but cant seem to make them work. I am hoping someone can look at my code and edit it to add session variable timeout to it that will work so I can see what I am missing. here is my code for my php files.

login.php

<form name="form1" method="post" action="auth.php">
<label>User Name
<input type="text" name="admin" tabindex="1" size="21">
</label>
<label>Password
<input type="password" name="password" tabindex="2" size="21" mask="x">
</label>
<p>
<input type="submit" name="submit" value="Login" tabindex="3">
</p>
</form>

auth.php

<?php include '/Connections/Test.php';

session_start();

if (isset($_POST['submit']))
{
$admin=$_POST['admin'];
$password=$_POST['password'];
$admin=strip_tags($admin);
$password=strip_tags($password);
$password=md5($password);

$query = "select name,password from administrators where name='$admin' and password='$password'";
$result = mysql_query($query) or die ("Could not query administrators");
$result2 = mysql_fetch_array($result);
if ($result2)
{
$_SESSION['admin']=$admin;
echo "<big>Logged in successfully<br>";
echo "<a href='RecordsAdmin.php'>Continue</a></big>";
}
else
{
echo "Wrong user name or password.";
echo "<big><a href='login.php'>Try Again</a></big>";
}
}
?>

RecordsAdmin.php

<?php
include_once '/Connections/Test.php';
session_start();

if (isset($_SESSION['admin']))
{
$admin=$_SESSION['admin'];
}
else
{
echo "You must log in to view this page <br><br> <a href='login.php'>Login</a>";
exit;
}
?>
<p><a href="/phpsite1/Records.php">View Records</a> </p>
<p><a href="/phpsite1/Addrecords.php">Add New Record</a></p>
<p><a href="/phpsite1/register.php">Add New Administrator</a> </p>
<p><a href="/phpsite1/Index.php">Go Back To Index Page</a></p>
<p><a href="/phpsite1/logout.php">Logout</a></p>

logout.php

<?php
include_once '/Connections/Test.php';

session_start();

if (isset($_SESSION['admin']))
{
$admin=$_SESSION['admin'];
}
else
{
echo "You must log in to view this page <br><br> <a href='login.php'>Login</a>";
exit;
}
session_unset();
session_destroy();
$_SESSION = array();

echo "Succesfully Logged Out !"
?>

Re: How can I add a session timeout to my code ?

Posted: Wed Jul 07, 2010 9:08 pm
by Jonah Bron
Store a time stamp in the user's session. If it's older than 5 minutes, tell them that their session expired. If not, reset the time stamp to the current time.

Re: How can I add a session timeout to my code ?

Posted: Thu Jul 08, 2010 10:22 am
by VR-Fox
How do you create a time stamp and store it ?

can you give me a code sample ?

Re: How can I add a session timeout to my code ?

Posted: Thu Jul 08, 2010 11:03 am
by Jonah Bron
When they log in, do something like this:

Code: Select all

// log in
$_SESSION['timeout'] = time(); // put time into session
And on any other page, always check if they've timed out.

Code: Select all

if ($_SESSION['timeout'] < time() - (5*60)) { // if older than five minutes
    // log the user out, or whatever you want to do
} else {
    $_SESSION['timeout'] = time(); // update the session to hold the current time
}