|
|
Posted by James Benson on 09/26/43 11:33
Store the last time someone accessed their session into the $_SESSION
array then when requesting a protected page just check x amount of time
has not passed, if x amount has time has passed redirect to a login page
or re-enter their user password
small example you would use on the top of every page,
session_start();
if(isset($_SESSION['timeout'])) {
if(time() > $_SESSION['timeout']) {
// session has expired, redirect to login...
} else {
// reset the timeout time...
$_SESSION['timeout'] = time() + 3600;
}
} else {
$_SESSION['timeout'] = time() + 3600;
}
James
Adrian Bruce wrote:
> Hi
>
> I currently use an automatic logout out system that sets a time out in
> two ways.
>
> (If the ip address on computer is recognized then set timeout to 10
> mins, if not then set to 2 mins.)
>
> 1) The time out setting is used to create a meta refresh tag that will
> re-direct the user to the logout page after X seconds. 2) At the
> beginning of each page i set a variable with the current time and check
> to see if the difference between the previously set variable and the now
> current time is greater than X seconds, if so then log the user out.
> I know meta refresh is not to be relied on and that is why i use the 2nd
> method as well, but i have had varied reports that this system does not
> work, i.e. it logs people out to quickly.
> Does anyone know a better way of doing this or improvements?? it would
> also be nice to stop the pages displaying after a time out when a user
> presses the back button!
>
> Thanks a lot in advance
>
> Adrian
Navigation:
[Reply to this message]
|