Page 1 of 2

re-login if idle for more

Posted: Fri May 19, 2006 9:10 am
by madhu
hi this is madhu.

can any one please give some idea , how to implement the following problem:

problem:
-----------
once a user login to a webpage , in that webpage if user didnot perform any operations for 10 minutes i.e if user

is in idle state for 10 minutes ,then how we will ask user to "re-login" if the user is idle for more than 10

minutes.

please give suggestions ,how to implement this..........

waiting for your valuable replies..........

Thanks and regards
madhu

Posted: Fri May 19, 2006 9:30 am
by onion2k
I can think of a few methods offhand..

1. Use sessions, and modify the session handler to expire after 10 minutes.

2. Use cookies, and set the expiry date to 10 minutes in the future.

3. Every time a user interacts with the site log the time, on each request check the time is less than 10 minutes from the last request.

Depends what you're doing really..

(This sounds a lot like a college assignment question :) )

Posted: Fri May 19, 2006 10:56 am
by BadgerC82
By idle do you mean static on one page or do you mean uses a button or object on the page.

I suggest going to:

http://www.w3schools.com

and checking out the timer functions... Basically when the page loads start the timer and then use the setTimeout function passinf through the function you want to call on time out.

Posted: Fri May 19, 2006 12:37 pm
by RobertGonzalez
PHP default garbage collection time is 10 minutes for sessions. If you use sessions for managing logins and there is no REQUEST activity on the server the session dies. This can be good or bad, but for what you are asking, it seems like it would work.

relogin

Posted: Sat May 20, 2006 5:16 am
by madhu
in my project am using Sessions in login page.

how to know that the Session REQUEST is active or not in a web page ???

if it is inactive for 10 minutes , then we can force that page to redirect to Again login page (i.e re-login).

how to implement this .....

please respond.....

waiting for your valuable replies........................

Posted: Sat May 20, 2006 5:31 am
by Benjamin
:?

Posted: Sat May 20, 2006 6:00 am
by s.dot
if you're going with the session timeout....

Code: Select all

if(!isset($_SESSION) || empty($_SESSION)){
    header('Location: login.php');
    exit;
}

Posted: Sat May 20, 2006 6:07 am
by madhu
hi scottayy,

how to redirect to login page exactly after 10 minutes if Session request is Inactive.

please give early reply...............

Posted: Sat May 20, 2006 10:29 am
by RobertGonzalez
You are looking for something client side if you are looking to expire as soon as inactivity reaches 10 minutes. PHP is server-side, which means it reacts to a request from the client. Sessions can tell you when the last request was made, but there is no way a server is going to tell your computer that is has been exactly 10 minutes and it is time to log out.

Google search javascript timers and implement something with javascript countdowns and redirects if you want to redirect after exactly 10 minutes.

Posted: Mon May 22, 2006 1:24 am
by madhu
i tried like this,but it is not redirecting....

please check and reply As soon as posible..........

page1.php:
--------------

<?php
session_start();
$_SESSION['email'] = 'madhu@yahoo.com';
$_SESSION['pwd'] = 'madhu';
echo '<br /><a href="page2.php">page 2</a>';
?>

page2.php:
--------------

<?php
session_start();
ini_set('session.gc_maxlifetime', "60"); //sec default 1440
ini_set('session.cache_expire',"60"); //min default 180
echo $_SESSION['email']. '<br/>';
echo $_SESSION['pwd'];
if(!isset($_SESSION) || empty($_SESSION))
{
header('Location: page1.php');
exit;
}
?>


i gave session to be expire within 1 minute i.e 60 seconds in code.

but after 1 minute it is not redirecting...

please check and reply,.....

waiting for your valuable replies..............

Thanks and regards
madhu

Posted: Mon May 22, 2006 1:29 am
by RobertGonzalez
If the user doesn't do anything for one minute, nothing will happen. If the user doesn't do anything for four hours, nothing is going to happen. The next time the user makes a request of the server (clicks something for example) the script will check to see if the timing is within the range you set and, if it is not, it will redirect the user to your chosen location.

Remember that PHP is a server-side script. It does nothing until a request is made of the server.

On a side note, in your header function, make sure to use a complete URL, not a relative one.

Code: Select all

<?php
header("Location: http://www.mydomain.com/myredirpage.php");
?>

Posted: Mon May 22, 2006 1:37 am
by madhu
In page2.php am requesting email and password.

After some time those session variables will destroy , then that page2.php should redirect to page1.php ,is it correct ??

please reply.........

Posted: Mon May 22, 2006 1:45 am
by RobertGonzalez
madhu wrote:In page2.php am requesting email and password.

After some time those session variables will destroy , then that page2.php should redirect to page1.php ,is it correct ??

please reply.........
Yes and no. After the time expires for the session the user will be redirected. But only after they request the page again. Think of it like this...

I tell the server I want to see page1.php. The servers says ok and shows it to me. At this point the server has already forgotten everything about me and the fact that I wanted to see page1.php. But, a smart developer added some session handling to page1.php so when the page loaded it set some variables for tracking me and those variables are either written to a cookie or stored in a file on the server. One of the things that is set is the Garbage Collection timing. After the GC maximum timing is reached, the server will no longer store information about that session anymore.

But how does the server know if the mx GC timing has been reached? When I ask the server for another page that is also using session handling. Say for example I move from page1.php to page2.php. And lets say I did this three minutes after I originally requested page1.php. The GC timer is reset when page2.php is served up. Now, let's say I have to take the kids to school, stop off at the store, hit the gym and read the paper. Six hours later I request page3.php (which is also using sessions). Page3.php will look at the time now and compare that with the last time noted for the session. Seeing that it has been more than the GC max timing, the server will dump all of the session data and start all over again. But this does not happen until I ask the server for another page. The server will not know the difference in time of served up pages without a request for a page being made.

Posted: Mon May 22, 2006 2:08 am
by madhu
so if i want to redirect from page2.php to page1.php after 1 minute, it will not posible using ini_set('session.gc_maxlifetime', "60"); , is it correct??

please suggest another ways how to implement this feature......

waiting for your valuable replies.........................

Posted: Mon May 22, 2006 2:45 am
by bdlang
Although I have not tested this, it may certainly be possible to utilize AJAX to set a timer via JavaScript and at a 10 minute mark have the JS send a request to a PHP script to log you out and return a "You've been automatically logged out" message to a space on the page. Of course this is if the end user has JS enabled, is using a current browser platform, etc ad nauseum. Alternatively, you may consider that the end user may find it rude to be automatically logged out and not visit your site again.