Page 1 of 1

Sessions and compairing time variables

Posted: Sat Feb 15, 2003 9:22 am
by mikebr
This is probably a simple task but I am finding not so, I want to set a session then check with other pages that the session is set and not out of date. The problem I am having is compairing the date and time the session is set to the date and time the user goes to other pages, if the user goes to another page within the hour then fine and if not they are directed to the login page.

Now I know that with the code below I am compairing 2 strings but I understood that while working with time that was the case, this is apparent that it is probably not the case so anyone give me any pointers on how to do this?

Thanks in advance for aby help.

I set the session on login with the following:

Code: Select all

<?php
$session_timeout = date("y-m-d H:i:s", time()) + 3600; // + 1 hour

// Set the cookie

session_name("OPL_login");
session_start();
session_register("crypted_password");
session_register("session_timeout");

$HTTP_SESSION_VARS["crypted_password"]=$crypted_password;
$HTTP_SESSION_VARS["session_timeout"]=$session_timeout;
$timed_out = "Your session has timed out, ";
?>
and then I check the session with the following:

Code: Select all

<?php
$session_name = $_REQUEST[session_name()]; // Get session name
$session_time = $_SESSION[session_timeout]; // Get session name
$time_now = date("y-m-d H:i:s", time());

if (isset($session_name)) { // Session was set

	if ($time_now > $session_timeout) { // Session is within the time allowed (1 hour)
	$session_error = $timed_out."you will need to log in again";
	
	header ("location: userlogin.php?session_error=$session_error");
	}else{
	echo "User has logged in within the hour";
	}

}else{ // Session has not been set 

$session_error = "You need to log in to gain access to the page you are attemping to load";
header ("location: userlogin.php?session_error=$session_error");
}
?>

Posted: Sat Feb 15, 2003 1:40 pm
by Takuma
You can't use session_register when you're using $HTTP_SESSION_VARS.

Posted: Sat Feb 15, 2003 1:41 pm
by Takuma
And one thing I forgot to write you don't need session_start() when using $HTTP_SESSION_VARS.

Posted: Sat Feb 15, 2003 2:20 pm
by hob_goblin
Takuma wrote:And one thing I forgot to write you don't need session_start() when using $HTTP_SESSION_VARS.
Wrong.

Anyways, you should do three things:

1) Not manually name the session,
2) use $_SESSION instead of $HTTP_SESSION_VARS
3) use a variable to store just time(), like:

Code: Select all

$_SESSION&#1111;'expire] = time() + 3600;
and then

Code: Select all

if(time() >= $_SESSION&#1111;'expire'])&#123;
//expired
&#125;

Posted: Mon Feb 17, 2003 2:40 am
by twigletmac
Which version of PHP are you using?

Mac

Posted: Mon Feb 17, 2003 5:11 pm
by mikebr
The version of php is 4.2.3 "with Mac OSX 10.2.4"

This whole session thing is starting to drive me round the bend, I guess it doesn't help by the confusion caused by my reading of posts that are out there from when register_globals being set to On as default and now its set to Off, d** this is this confusing.
1) Not manually name the session,
2) use $_SESSION instead of $HTTP_SESSION_VARS
3) use a variable to store just time(), like:
1) Ok, I have checked in the cookies of four computers I have access to and there is no cookie set to PHPSESSID except the one I am setting on my computer, I took it that was because people set the name of the session themselves rather than have PHPSESSID or maybe sessions are not widely used? I would love to know why the name shouldn't be set manually if you get a chance to explain please.

2) I am now working with $_SESSION instead of $HTTP_SESSION_VARS

3) I think i understamd how to use the variable to store time(), when I did this before I didn't seen to get a proper value although it seems to be now.

Thanks