Page 1 of 1

Session Time Out code behaving Badly?

Posted: Mon May 23, 2011 11:17 pm
by drayarms
I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website, that requires user authentication.

Code: Select all

<?php


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);


if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


?>
The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php)

Code: Select all

<?php

//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);




//Set the page title before the header file
$title = 'Session Expired';

require ('header.php'); //need the header

?>









		      <div id="content" class="">



				<div id="left_content" class="">





				</div> <!--closes left content-->

					



				<div id="right_content" class="">

					<div id= "right_content_inner_border">


						<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>


						<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>


					</div> <!--closes right content inner border-->
					
				</div> <!--closes right content-->


			

			</div> <!--closes content-->
















<?php

require ('footer.php'); //need the footer




?>
 
 

Now here lies the problem. When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php). However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php). What could be going wrong here? Any hint is appreciated.

Re: Session Time Out code behaving Badly?

Posted: Tue May 24, 2011 1:34 pm
by Jade
You need to check your php.ini file. PHP has a default timeout for sessions that will clear them out automatically unless you change it: http://www.php.net/manual/en/function.s ... expire.php