Automatic logout

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

gregerst
Forum Newbie
Posts: 6
Joined: Tue Aug 02, 2011 11:31 am

Automatic logout

Post by gregerst »

Hi,

I have a question concerning how to do automatic logout from a web application when, say, it has not been used for 15 minutes or so. My application is written in Dreamweaver 5.5 and all pages are PHP scripts.

Hope you can help me to do this.

Thanks in advance
Greger Stag
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Automatic logout

Post by social_experiment »

The Manual wrote: session.gc_maxlifetime integer
session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Garbage collection occurs during session start.
I'm not sure if this is correct but what you have in mind is most likely handled by a setting in the php.ini file :idea:
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
gregerst
Forum Newbie
Posts: 6
Joined: Tue Aug 02, 2011 11:31 am

Re: Automatic logout

Post by gregerst »

Thanks for this ide. I have my application hosted at ONE.com (web host). What I want is that when a user has done nothing for, say, 15 minutes or so, there is a jump to one of my scripts called logout.php
I looked in PHP.ini for the "session.gc.maxlifetime" but I think that's not the answer to my problem, or?

/Greger
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Automatic logout

Post by social_experiment »

gregerst wrote: Thanks for this ide. I have my application hosted at ONE.com (web host). What I want is that when a user has done nothing for, say, 15 minutes or so, there is a jump to one of my scripts called logout.php
I looked in PHP.ini for the "session.gc.maxlifetime" but I think that's not the answer to my problem, or?
:? No reference to an ide in the reply. From my understanding of session.gc.maxlifetime (which might be incorrect) it sees the data (session data) as garbage and cleans it up, meaning whatever is in the session at that time, will be cleared away. So if you have any authorised info stored in the session, it will be cleared and the user will be logged out.
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Automatic logout

Post by flying_circus »

I think the better way would be to use a timestamp. This way you can maintain a user session, but expire a login.

This is useful when you want to log a user out of their account, but maybe still show them what's in their shopping cart in the unsecure parts of your store (or whatever).

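```php
<?php
  $maxlife = 900; // 15 minutes of allowed inactivity

  session_start();

  if (isset($_SESSION['last_accessed'])) {
    if ($_SESSION['last_accessed'] < (time() - $maxlife)) {
      # Session expired: idle for longer than $maxlife.
      # logout() is the application's own function and is not shown in this post.
      logout();
    } else {
      # Session still active: refresh the timestamp
      $_SESSION['last_accessed'] = time();
    }
  } else {
    # New session: start the idle clock
    $_SESSION['last_accessed'] = time();
  }
?>
```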
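An added example (not code from any poster in this thread) that extends the timestamp check above: on expiry it clears only the login data, regenerates the session id and redirects to the logout.php script gregerst mentioned, and it does not depend on session.gc_maxlifetime, because PHP's session garbage collection only runs probabilistically. The `user_id` session key and the constant and function names are assumptions.

```php
<?php
// Added example, not code from the thread. The 'user_id' session key is
// hypothetical; logout.php is the script named by the original poster.

const MAX_IDLE_SECONDS = 900; // 15 minutes

/**
 * Classify a session as 'new', 'active' or 'expired' from its last-activity
 * timestamp. Kept as a pure function so the boundary cases are easy to check.
 */
function idle_state(array $session, int $now, int $maxIdle): string
{
    if (!isset($session['last_accessed']) || !is_int($session['last_accessed'])) {
        return 'new';
    }
    $idle = $now - $session['last_accessed'];
    // A timestamp in the future (e.g. after a clock change) counts as expired.
    return ($idle < 0 || $idle > $maxIdle) ? 'expired' : 'active';
}

/**
 * Call at the top of every protected page, before any output is sent.
 */
function enforce_idle_timeout(int $maxIdle = MAX_IDLE_SECONDS): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $state = idle_state($_SESSION, time(), $maxIdle);

    if ($state === 'expired') {
        // Expire the login only: drop the authentication data and keep the
        // rest of the session (a shopping cart, for instance).
        unset($_SESSION['user_id'], $_SESSION['last_accessed']);
        // Issue a fresh session id and delete the old session file, so the
        // previously authenticated id cannot be reused.
        session_regenerate_id(true);
        header('Location: logout.php');
        exit;
    }
    // 'new' or 'active': (re)start the idle clock.
    $_SESSION['last_accessed'] = time();
}

enforce_idle_timeout();
```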
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Automatic logout

Post by McInfo »

gregerst wrote: Thanks for this ide.
social_experiment wrote: :? No reference to an ide in the reply.
I think Greger meant to write "idea".
gregerst
Forum Newbie
Posts: 6
Joined: Tue Aug 02, 2011 11:31 am

Re: Automatic logout

Post by gregerst »

Thanks for all the good answers. I will test flying_circus's code and see what happens.

Thanks to all of you. :D
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Automatic logout

Post by social_experiment »

@McInfo : Good point :) My bad