Page 1 of 1

Session timeouts problem

Posted: Wed Feb 13, 2008 7:30 am
by shiznatix
I have an admin section on my website that only a few people have access to. We have very long session timeout time for this section but the one problem is some people will leave the admin section open then leave for like 4 hours then come back and click on a ajax link. The ajax link will alert the returned data (generally an error message) if it does not return a "1". Now the problem is that if they leave for such a long time their session expires and so the "error message" is actually the HTML to the login page because it automatically redirects them to the login page since their session is expired.

What I originally thought of doing was to just have a meta refresh set on the admin page with like 12000 seconds and so if they let the page sit for that long then it just redirects them to the login page because their session has expired. This won't work though because we often will have 2 tabs open of the admin section for reference and only touch the 1 tab once durring the whole day so this tab would end up redirecting and logging them out even though they are still good to go.

So really, how can I prevent this from happening? I though about using an ajax request to see if the session is still alive or something but I don't see how I can do that without actually continuing the session (which I don't want to do).

Re: Session timeouts problem

Posted: Wed Feb 13, 2008 3:43 pm
by Christopher
Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.

Re: Session timeouts problem

Posted: Wed Feb 13, 2008 3:46 pm
by Benjamin
Store the sessions in the database so they don't get removed, the session id will still remain instact.

Re: Session timeouts problem

Posted: Thu Feb 14, 2008 3:41 am
by shiznatix
arborint wrote:Use a javascript timer instead and have the timeout function clean up the child windows and then redirect.
There are no child windows, just other tabs that are open. The initial window does not open the other tabs so it will have no control over them.
astions wrote:Store the sessions in the database so they don't get removed, the session id will still remain instact.
But this means the session will never expire, which is not what I want, unless I am missing something here.

Re: Session timeouts problem

Posted: Thu Feb 14, 2008 3:49 am
by Benjamin
You store the session along with a timestamp. Everytime the user accesses the page you update the timestamp. If the difference between now and the timestamp is greater than the session timeout value, then you delete it and have the user login again.