开发者

PHP - make session expire after X minutes

问答 作者:

i am using the following technique...

From the login.php the form posts to the page check.php where i do this

<?php    
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];

require ('DB_connection.php');

$result = mysql_query("SELECT * FROM accounts WHERE user_Name='$uzer' AND user_Pass='$pass'");

if( mysql_num_rows( $result ) > 0)
{
    $array = mysql_fetch_assoc($result);    

    session_start();
    $_SESSION['user_id'] = $uzer;
    header("Location:loggedin.php");            
}
else
{
    header("Location:login.php");
}
?>

and on loggedin.php page the first thing i do is

<?php
session_start();
if( !isset( $_SESSION['user_id'] ) )
{
    header("Location:login.php");
}
else
{
    echo ( "this session is ". $_SESSION['user_id'] );
    //show rest of the page and all
}
?>

but once logged in when i directly type the url localhost\myProject\loggedin.php it displays the page...which makes perfect sense because the session has started

what i want to implement is

  • The direct URL \ session works for 10 minutes after that the session is terminated\expired\timed out and then use must login again and may get the same session id but after 10 minutes use won't be able to browse with the same sessi开发者_JAVA技巧on

WHAT DO I NEED TO DO OR LEARN

Store a timestamp in the session:

<?php    
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];

require ('DB_connection.php');

// Hey, always escape input if necessary!
$result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($uzer), mysql_real_escape_string($pass));

if( mysql_num_rows( $result ) > 0)
{
    $array = mysql_fetch_assoc($result);    

    session_start();
    $_SESSION['user_id'] = $uzer;
    $_SESSION['login_time'] = time();
    header("Location:loggedin.php");            
}
else
{
    header("Location:login.php");
}
?>

Check if the timestamp is within the allowed time window (600 seconds is 10 minutes):

<?php
session_start();
if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 600)
{
    header("Location:login.php");
}
else
{
    // uncomment the next line to refresh the session, so it will expire after ten minutes of inactivity, and not 10 minutes after login
    //$_SESSION['login_time'] = time();
    echo ( "this session is ". $_SESSION['user_id'] );
    //show rest of the page and all
}
?>

I would look at session_set_cookie_params and ini_set("session.gc_maxlifetime", "18000");

Use session set cookie function in your php file where you will start session, it will expire after as per define x minutes.

session_set_cookie_params(600);

As per above after 10 minutes session is expire.

继续阅读:phpsessionsession-timeout

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9