Session - set timeout
Posted: Sun Aug 13, 2006 11:53 am
by richo
I am using a session to stop people bypassing the login page. However, I would like to set the session to expire after, say, 10 minutes of inactivity by the user to add extra security.
Any pointers?
At the moment, all my session does is this (I only have one set username and password):
session_start();
if (!isset($_SESSION['seshname'])) {
    header('Location: login.php');
    exit; // stop here so the rest of the protected page is not sent
}
Posted: Sun Aug 13, 2006 11:55 am
by feyd
Store the last page request time in the session. It doesn't exist, boot'em. It's too old, boot'em.
Posted: Sun Aug 13, 2006 1:24 pm
by richo
So you have to do like a time stamp?
Posted: Sun Aug 13, 2006 3:06 pm
by themurph
Depending on how you manage your sessions, a quick fix might simply be to set your session.gc_maxlifetime in the php.ini file, or do an ini_set():
<?php
// default is 1440, which is 24 minutes
// the value is in seconds; set it before session_start() is called
ini_set("session.gc_maxlifetime", "1440");
?>
Posted: Sun Aug 13, 2006 5:38 pm
by toasty2
Every page request you could write the current time to a session variable, then on the next page request check how much time has passed since the last page request, then delete the session if it's been too long.
Edit: Like feyd said.
Posted: Sun Aug 13, 2006 7:11 pm
by RobertGonzalez
If you want a 10 minute window, do it code-side like Feyd said. When you set your session vars on login, set a session var that houses the time it is now...
<?php
$_SESSION['activity_time'] = time();
?>
Then on your subsequent pages, check to see if 'activity_time' is within 10 minutes...
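<?php
// session_start() must already have been called on this page
if ( isset($_SESSION['activity_time']) )
{
    if ( time() - $_SESSION['activity_time'] < 600 )
    {
        // Reset activity time to time() because it hasn't been 10 minutes
        $_SESSION['activity_time'] = time();
    }
    else
    {
        header('Location: http://www.mysite.com/logout.php');
        exit; // stop the rest of the page from running after the redirect
    }
}
else
{
    header('Location: http://www.mysite.com/logout.php');
    exit;
}
?>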
Posted: Mon Aug 14, 2006 2:52 am
by richo
Cheers Everah, that's uber helpful!
When looking on the web I found a lot about the session.gc_maxlifetime. And then I found a timestamp method (something I had heard of in other languages) but the example looked overly complex.
Your method is clean and efficient! Many thanks.
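The timestamp check discussed in this thread, as an added example that is not part of any post: it also clears the session data and cookie on expiry instead of only redirecting. The function names, the `IDLE_LIMIT` constant and the `login.php` target are assumptions, and the login code is assumed to set `$_SESSION['activity_time']` as shown in the thread.

```php
<?php
// Added example (not from the thread); function names are hypothetical.
const IDLE_LIMIT = 600; // 10 minutes of inactivity, in seconds

// True only if a timestamp exists and is younger than the limit.
function session_is_active(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['activity_time']) || !is_int($session['activity_time'])) {
        return false; // never logged in, or the value is missing / not an integer
    }
    $idle = $now - $session['activity_time'];
    return $idle >= 0 && $idle < $limit;
}

// Wipe the session on the server and expire the browser's cookie.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page, before any output.
function require_active_session(string $loginUrl = 'login.php'): void
{
    session_start();
    if (!session_is_active($_SESSION, time())) {
        end_session();
        header('Location: ' . $loginUrl);
        exit; // without this the protected page would still be generated
    }
    $_SESSION['activity_time'] = time(); // sliding window: restart the clock
}

// Constructed sample values, run only from the command line.
if (PHP_SAPI === 'cli') {
    $now = 1155470000;
    var_dump(session_is_active(['activity_time' => $now - 599], $now)); // just inside
    var_dump(session_is_active(['activity_time' => $now - 600], $now)); // at the limit
    var_dump(session_is_active(['activity_time' => $now + 60], $now));  // future stamp
    var_dump(session_is_active([], $now));                               // no stamp
}
```

Because the check runs on every request, the timeout does not depend on when PHP's session garbage collector happens to run, which is what `session.gc_maxlifetime` alone would rely on.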
