re-login if idle for more

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

re-login if idle for more

Post by madhu »

hi this is madhu.

can any one please give some idea , how to implement the following problem:

problem:
-----------
once a user login to a webpage , in that webpage if user didnot perform any operations for 10 minutes i.e if user

is in idle state for 10 minutes ,then how we will ask user to "re-login" if the user is idle for more than 10

minutes.

please give suggestions ,how to implement this..........

waiting for your valuable replies..........

Thanks and regards
madhu
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

I can think of a few methods offhand..

1. Use sessions, and modify the session handler to expire after 10 minutes.

2. Use cookies, and set the expiry date to 10 minutes in the future.

3. Every time a user interacts with the site log the time, on each request check the time is less than 10 minutes from the last request.

Depends what you're doing really..

(This sounds a lot like a college assignment question :) )
BadgerC82
Forum Commoner
Posts: 25
Joined: Tue Feb 07, 2006 6:53 am

Post by BadgerC82 »

By idle do you mean static on one page or do you mean uses a button or object on the page.

I suggest going to:

http://www.w3schools.com

and checking out the timer functions... Basically when the page loads start the timer and then use the setTimeout function passinf through the function you want to call on time out.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

PHP default garbage collection time is 10 minutes for sessions. If you use sessions for managing logins and there is no REQUEST activity on the server the session dies. This can be good or bad, but for what you are asking, it seems like it would work.
madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

relogin

Post by madhu »

in my project am using Sessions in login page.

how to know that the Session REQUEST is active or not in a web page ???

if it is inactive for 10 minutes , then we can force that page to redirect to Again login page (i.e re-login).

how to implement this .....

please respond.....

waiting for your valuable replies........................
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

:?
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

if you're going with the session timeout....

Code: Select all

if(!isset($_SESSION) || empty($_SESSION)){
    header('Location: login.php');
    exit;
}
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

Post by madhu »

hi scottayy,

how to redirect to login page exactly after 10 minutes if Session request is Inactive.

please give early reply...............
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You are looking for something client side if you are looking to expire as soon as inactivity reaches 10 minutes. PHP is server-side, which means it reacts to a request from the client. Sessions can tell you when the last request was made, but there is no way a server is going to tell your computer that is has been exactly 10 minutes and it is time to log out.

Google search javascript timers and implement something with javascript countdowns and redirects if you want to redirect after exactly 10 minutes.
madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

Post by madhu »

i tried like this,but it is not redirecting....

please check and reply As soon as posible..........

page1.php:
--------------

<?php
session_start();
$_SESSION['email'] = 'madhu@yahoo.com';
$_SESSION['pwd'] = 'madhu';
echo '<br /><a href="page2.php">page 2</a>';
?>

page2.php:
--------------

<?php
session_start();
ini_set('session.gc_maxlifetime', "60"); //sec default 1440
ini_set('session.cache_expire',"60"); //min default 180
echo $_SESSION['email']. '<br/>';
echo $_SESSION['pwd'];
if(!isset($_SESSION) || empty($_SESSION))
{
header('Location: page1.php');
exit;
}
?>


i gave session to be expire within 1 minute i.e 60 seconds in code.

but after 1 minute it is not redirecting...

please check and reply,.....

waiting for your valuable replies..............

Thanks and regards
madhu
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

If the user doesn't do anything for one minute, nothing will happen. If the user doesn't do anything for four hours, nothing is going to happen. The next time the user makes a request of the server (clicks something for example) the script will check to see if the timing is within the range you set and, if it is not, it will redirect the user to your chosen location.

Remember that PHP is a server-side script. It does nothing until a request is made of the server.

On a side note, in your header function, make sure to use a complete URL, not a relative one.

Code: Select all

<?php
header("Location: http://www.mydomain.com/myredirpage.php");
?>
madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

Post by madhu »

In page2.php am requesting email and password.

After some time those session variables will destroy , then that page2.php should redirect to page1.php ,is it correct ??

please reply.........
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

madhu wrote:In page2.php am requesting email and password.

After some time those session variables will destroy , then that page2.php should redirect to page1.php ,is it correct ??

please reply.........
Yes and no. After the time expires for the session the user will be redirected. But only after they request the page again. Think of it like this...

I tell the server I want to see page1.php. The servers says ok and shows it to me. At this point the server has already forgotten everything about me and the fact that I wanted to see page1.php. But, a smart developer added some session handling to page1.php so when the page loaded it set some variables for tracking me and those variables are either written to a cookie or stored in a file on the server. One of the things that is set is the Garbage Collection timing. After the GC maximum timing is reached, the server will no longer store information about that session anymore.

But how does the server know if the mx GC timing has been reached? When I ask the server for another page that is also using session handling. Say for example I move from page1.php to page2.php. And lets say I did this three minutes after I originally requested page1.php. The GC timer is reset when page2.php is served up. Now, let's say I have to take the kids to school, stop off at the store, hit the gym and read the paper. Six hours later I request page3.php (which is also using sessions). Page3.php will look at the time now and compare that with the last time noted for the session. Seeing that it has been more than the GC max timing, the server will dump all of the session data and start all over again. But this does not happen until I ask the server for another page. The server will not know the difference in time of served up pages without a request for a page being made.
madhu
Forum Commoner
Posts: 82
Joined: Fri Mar 03, 2006 9:34 am

Post by madhu »

so if i want to redirect from page2.php to page1.php after 1 minute, it will not posible using ini_set('session.gc_maxlifetime', "60"); , is it correct??

please suggest another ways how to implement this feature......

waiting for your valuable replies.........................
bdlang
Forum Contributor
Posts: 395
Joined: Tue May 16, 2006 8:46 pm
Location: Ventura, CA US

Post by bdlang »

Although I have not tested this, it may certainly be possible to utilize AJAX to set a timer via JavaScript and at a 10 minute mark have the JS send a request to a PHP script to log you out and return a "You've been automatically logged out" message to a space on the page. Of course this is if the end user has JS enabled, is using a current browser platform, etc ad nauseum. Alternatively, you may consider that the end user may find it rude to be automatically logged out and not visit your site again.
Post Reply