Posted by Drakazz on 09/19/38 11:39

If i got it right, what you want is to do that if users dont update
their session e.g. in 20 minutes, the session will be terminated. But
if the session exists in the database, you will simply disalow any
other sessions with the same username, right?

Simply, run cron for each 5 minutes to execute the php script that
would check everything. When user logins and each time they erquest the
server, update the mysql table saying time() + 60*10 ( 10 minutes ).
So if the script that is being executed by cron finds that the
expiration time has ended, the session is destroyed!

They wouldnt need that expiration mesage because the expiration time
would be automatically updates ( + 10 minutes for each request )

Also, there is a big disadvantage in all of this - users can have their
cookies disabled and then you'd get a big amount of sessions created in
your database... so you'd be dead because of that.

Just when users are logging in, in the login page set a cookie
$_COOKIE['do_login'] = true; and when user requests the actual login
page, where all the info is sent - the $_COOKIE['do_login'] should be
checked. If it is not, then simply say that Cookies must be enabled! :)

I might have confused anyone who is reading but figure it out then!

Good luck on your site!
Thanks!

[Back to original message]