Page 1 of 1
Redirecting to specific page on session timeout
Posted: Tue Feb 14, 2006 5:48 pm
by mavinint
Hi
I wanted to ask if it is at all possible to redirect a user to a specific page once their session has timed out. I can't find anything out there that does this.
Thanks in advance
Danny
Posted: Tue Feb 14, 2006 6:42 pm
by RobertGonzalez
Are you talking about redirecting after a user invokes a page after session timeout? Or are you asking for a dynamic page that redirects as soon as the session times out?
Posted: Tue Feb 14, 2006 6:49 pm
by mavinint
I mean when a user invokes a page after the session timeout
Posted: Tue Feb 14, 2006 6:53 pm
by josh
It is impossible to tell if its just the user's first time or if they had a session that is now expired. You will need to write your own session handling functions and keep the session data forever so you can verify that the session has timed out or if it doesn't exist yet. Well maybe not forever but longer then the normal functions stay on the filesystem
Posted: Tue Feb 14, 2006 7:04 pm
by RobertGonzalez
I'm sure there are various ways of doing this, but what I have done in the past is set a session var at some point and check for that var throughout the site. PHP defaults session garbage collection dumps to 20 minutes (1800 seconds actually) so it will automatically destroy the session if there has been no session activity within that time frame. So what I have done in the past is set a session var and check for it at the beginning of the script. If it is set, then the session is still in effect. If it is not set, then the session is dead. Within each check have the script do whatever you want it to. This is a really basic process example. Post back if you need more direction.
Posted: Tue Feb 14, 2006 9:31 pm
by josh
Everah, that is the method I would recommend but it sounds like he needs to tell apart the first time visitors from the session timed out ones (meaning if it is my first time to the site I would not see the "your session has timed out" page). Yet another way to do this would be to set a cookie along with the session, if that cookie exists but Everah's session value does not then they have timed out (if the cookie doesn't exist its just their first time to the site), this relies on the client having cookies enabled, etc... so its not a solid method but should get the job done
Posted: Wed Feb 15, 2006 4:18 pm
by RobertGonzalez
Excellent point jshpro2. mavinint, are you using this session check, redirect methodology throughout the site, or only in areas that require a log in? If you are setting the session start timing to a login event then you are in the clear. Checking session timing on first page load will get tricky, especially if the user doesn't accept cookies.
Without relying on cookies the only thing you can rely on is something stored in a database, but that would require a process to hit the DB before making a decision on what to do if this is a first time visit or a return, timed out visit.