Session Time Out code behaving Badly?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
drayarms
Forum Contributor
Posts: 134
Joined: Fri Dec 31, 2010 5:11 pm

Session Time Out code behaving Badly?

Post by drayarms »

I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website, that requires user authentication.

Code: Select all

<?php


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);


if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


?>
The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php)

Code: Select all

<?php

//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);




//Set the page title before the header file
$title = 'Session Expired';

require ('header.php'); //need the header

?>









		      <div id="content" class="">



				<div id="left_content" class="">





				</div> <!--closes left content-->

					



				<div id="right_content" class="">

					<div id= "right_content_inner_border">


						<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>


						<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>


					</div> <!--closes right content inner border-->
					
				</div> <!--closes right content-->


			

			</div> <!--closes content-->
















<?php

require ('footer.php'); //need the footer




?>
 
 

Now here lies the problem. When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php). However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php). What could be going wrong here? Any hint is appreciated.
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: Session Time Out code behaving Badly?

Post by Jade »

You need to check your php.ini file. PHP has a default timeout for sessions that will clear them out automatically unless you change it: http://www.php.net/manual/en/function.s ... expire.php
Post Reply