I have an admin section on my website that only a few people have access to. We have very long session timeout time for this section but the one problem is some people will leave the admin section open then leave for like 4 hours then come back and click on a ajax link. The ajax link will alert the returned data (generally an error message) if it does not return a "1". Now the problem is that if they leave for such a long time their session expires and so the "error message" is actually the HTML to the login page because it automatically redirects them to the login page since their session is expired.
What I originally thought of doing was to just have a meta refresh set on the admin page with like 12000 seconds and so if they let the page sit for that long then it just redirects them to the login page because their session has expired. This won't work though because we often will have 2 tabs open of the admin section for reference and only touch the 1 tab once durring the whole day so this tab would end up redirecting and logging them out even though they are still good to go.
So really, how can I prevent this from happening? I though about using an ajax request to see if the session is still alive or something but I don't see how I can do that without actually continuing the session (which I don't want to do).
Session timeouts problem
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Session timeouts problem
Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.
(#10850)
Re: Session timeouts problem
Store the sessions in the database so they don't get removed, the session id will still remain instact.
- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
- Contact:
Re: Session timeouts problem
There are no child windows, just other tabs that are open. The initial window does not open the other tabs so it will have no control over them.arborint wrote:Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.
But this means the session will never expire, which is not what I want, unless I am missing something here.astions wrote:Store the sessions in the database so they don't get removed, the session id will still remain instact.
Re: Session timeouts problem
You store the session along with a timestamp. Everytime the user accesses the page you update the timestamp. If the difference between now and the timestamp is greater than the session timeout value, then you delete it and have the user login again.