How Does One Make a Session Persist?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
drayarms
Forum Contributor
Posts: 134
Joined: Fri Dec 31, 2010 5:11 pm

How Does One Make a Session Persist?

Post by drayarms »

I'm creating a site where members have to log in in order to access the site's pages. I'm using sessions to log the members in. Each member has a unique session id that grants him access to the site. At the top of each of the sit'es pages, I authenticate the user using the following code.

Code: Select all

<?php
	//Start session
	session_start();
	
	//Check whether the session variable id is present or not
	if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
		header("location: access_denied.php");
		exit();
	}
?>
So this bit of code basically redirects the user to an access denied page, if the user isn't authenticated otherwise, the user can access the page. Right below that bit of code, I have this code that ends the session after 15 minutes of inactivity.

Code: Select all

<?php


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

//Get the current page url to pass on to the session expired page.
$url=urlencode("http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);


if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 900)) {
    // last request was more than 15 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php?url=$url");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


?>

What do I need to do to keep the session permanently active until either the 15 minutes is reached or I manually sign out ? Often times the page upon refreshing, gets redirected to the access_denied.php which clearly indicates that my session id is not lingering on and gets destroyed prematurely. What do I do??
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: How Does One Make a Session Persist?

Post by Jonah Bron »

You don't need to assign a unique ID to the session, that's what sessions themselves do. To make them timeout after a certain amount of time, store the last moment of activity in the session, and check to make sure it's not over the limit (900 seconds == 15 minutes). See here:

http://stackoverflow.com/questions/3068 ... on-timeout
Post Reply