Session timeouts problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Session timeouts problem

Post by shiznatix »

I have an admin section on my website that only a few people have access to. We have very long session timeout time for this section but the one problem is some people will leave the admin section open then leave for like 4 hours then come back and click on a ajax link. The ajax link will alert the returned data (generally an error message) if it does not return a "1". Now the problem is that if they leave for such a long time their session expires and so the "error message" is actually the HTML to the login page because it automatically redirects them to the login page since their session is expired.

What I originally thought of doing was to just have a meta refresh set on the admin page with like 12000 seconds and so if they let the page sit for that long then it just redirects them to the login page because their session has expired. This won't work though because we often will have 2 tabs open of the admin section for reference and only touch the 1 tab once durring the whole day so this tab would end up redirecting and logging them out even though they are still good to go.

So really, how can I prevent this from happening? I though about using an ajax request to see if the session is still alive or something but I don't see how I can do that without actually continuing the session (which I don't want to do).
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Session timeouts problem

Post by Christopher »

Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.
(#10850)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Session timeouts problem

Post by Benjamin »

Store the sessions in the database so they don't get removed, the session id will still remain instact.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Re: Session timeouts problem

Post by shiznatix »

arborint wrote:Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.
There are no child windows, just other tabs that are open. The initial window does not open the other tabs so it will have no control over them.
astions wrote:Store the sessions in the database so they don't get removed, the session id will still remain instact.
But this means the session will never expire, which is not what I want, unless I am missing something here.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Session timeouts problem

Post by Benjamin »

You store the session along with a timestamp. Everytime the user accesses the page you update the timestamp. If the difference between now and the timestamp is greater than the session timeout value, then you delete it and have the user login again.
Post Reply