Sessions and compairing time variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

Sessions and compairing time variables

Post by mikebr »

This is probably a simple task but I am finding not so, I want to set a session then check with other pages that the session is set and not out of date. The problem I am having is compairing the date and time the session is set to the date and time the user goes to other pages, if the user goes to another page within the hour then fine and if not they are directed to the login page.

Now I know that with the code below I am compairing 2 strings but I understood that while working with time that was the case, this is apparent that it is probably not the case so anyone give me any pointers on how to do this?

Thanks in advance for aby help.

I set the session on login with the following:

Code: Select all

<?php
$session_timeout = date("y-m-d H:i:s", time()) + 3600; // + 1 hour

// Set the cookie

session_name("OPL_login");
session_start();
session_register("crypted_password");
session_register("session_timeout");

$HTTP_SESSION_VARS["crypted_password"]=$crypted_password;
$HTTP_SESSION_VARS["session_timeout"]=$session_timeout;
$timed_out = "Your session has timed out, ";
?>
and then I check the session with the following:

Code: Select all

<?php
$session_name = $_REQUEST[session_name()]; // Get session name
$session_time = $_SESSION[session_timeout]; // Get session name
$time_now = date("y-m-d H:i:s", time());

if (isset($session_name)) { // Session was set

	if ($time_now > $session_timeout) { // Session is within the time allowed (1 hour)
	$session_error = $timed_out."you will need to log in again";
	
	header ("location: userlogin.php?session_error=$session_error");
	}else{
	echo "User has logged in within the hour";
	}

}else{ // Session has not been set 

$session_error = "You need to log in to gain access to the page you are attemping to load";
header ("location: userlogin.php?session_error=$session_error");
}
?>
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

You can't use session_register when you're using $HTTP_SESSION_VARS.
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

And one thing I forgot to write you don't need session_start() when using $HTTP_SESSION_VARS.
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

Takuma wrote:And one thing I forgot to write you don't need session_start() when using $HTTP_SESSION_VARS.
Wrong.

Anyways, you should do three things:

1) Not manually name the session,
2) use $_SESSION instead of $HTTP_SESSION_VARS
3) use a variable to store just time(), like:

Code: Select all

$_SESSION&#1111;'expire] = time() + 3600;
and then

Code: Select all

if(time() >= $_SESSION&#1111;'expire'])&#123;
//expired
&#125;
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Which version of PHP are you using?

Mac
mikebr
Forum Contributor
Posts: 243
Joined: Sat Sep 28, 2002 7:05 am

Post by mikebr »

The version of php is 4.2.3 "with Mac OSX 10.2.4"

This whole session thing is starting to drive me round the bend, I guess it doesn't help by the confusion caused by my reading of posts that are out there from when register_globals being set to On as default and now its set to Off, d** this is this confusing.
1) Not manually name the session,
2) use $_SESSION instead of $HTTP_SESSION_VARS
3) use a variable to store just time(), like:
1) Ok, I have checked in the cookies of four computers I have access to and there is no cookie set to PHPSESSID except the one I am setting on my computer, I took it that was because people set the name of the session themselves rather than have PHPSESSID or maybe sessions are not widely used? I would love to know why the name shouldn't be set manually if you get a chance to explain please.

2) I am now working with $_SESSION instead of $HTTP_SESSION_VARS

3) I think i understamd how to use the variable to store time(), when I did this before I didn't seen to get a proper value although it seems to be now.

Thanks
Post Reply