473,836 Members | 2,240 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

session time out

4 New Member
i have a page which display all images in a floder.for accesing this page i am asking password for this.
now i have 2 files named as password.php and gallery.php.

now my requirement in if user not accessing any event form the past 15 min then i will redirect this gallery page to password.php.
Oct 30 '06 #1
7 55919
268 Contributor
/* set the cache expire to 15 minutes */
session_cache_e xpire (15);
$cache_expire = session_cache_e xpire();

Now sessio0n expire 15 min Now sheck teh session and u redirect to password.php

Oct 30 '06 #2
4 New Member
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:

Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

session_start() ;

session_cache_e xpire(15);
$cache_expire = session_cache_e xpire();

if(!isset($_SES SION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Locatio n: index.php?msg=" .$msg);
} else {
// remaining code to display the gallery
Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
Oct 30 '06 #3
4 New Member
thanks i will use the required codes as per the guidelines from now onwards.
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:
session_start() ;

session_cache_e xpire(15);
$cache_expire = session_cache_e xpire();

if(!isset($_SES SION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Locatio n: index.php?msg=" .$msg);
} else {
// remaining code to display the gallery


wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
Oct 31 '06 #4
1 New Member
session_start() ; must be placed AFTER the session_cache_e xpire()
function, not before it.

See: http://us3.php.net/session_cache_e xpire for more info.

Jan 2 '07 #5
1 New Member
session_cache_e xpire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_l imiter is set to something other than its default of nocache and has NO VALUE for timing out a session. It's only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.

If you want sessions to expire, you need to do one or both (preferably both) of two things.

1) Limit the life of the session on the server.

You do this by setting the session.gc_maxl ifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.

ini_set('sessio n.gc_maxlifetim e', 1800);

Sets the maximum session file life to 30 minutes (1800 seconds).

2) Limit the life of the session on the client.

You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).

session_set_coo kie_params(1800 , '/');

sets all session cookies to 30 minutes (1800 seconds).


A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_pa th(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)

B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.

C) ALL of these commands/variables MUST be executed BEFORE session_start() ; Thus:
Expand|Select|Wrap|Line Numbers
  1. define(SESSION_PATH, '/tmp/mydir');
  2. define(COOKIE_DIR, '/');
  3. define(COOKIE_MAXLIFE, '1800');
  4. define(GC_MAXLIFE, '1800');
  6. session_save_path(SESSION_PATH);
  7. ini_set('session.gc_maxlifetime', GC_MAXLIFE);
  8. session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_PATH);
  9. session_start();
D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.

Jan 23 '08 #6
The simplest way to log out:

Put this code at the top of every page, give that you are using the sessions on your website to pass variables. One of these variables is the variable 'time'.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. $t = time();
  4. $t0 = $_SESSION['time'];
  5. $diff = $t - $t0;
  6. if ($diff > 1800 || !ISSET ($t0)) {          //log off after being idle for 30 minutes or trying to log illegally
  7. session_unset();
  8. session_destroy();
  9. Header ('Location: index.php?msg=SessionTimeOut');
  10. Exit;
  11. }
  12. Else {
  13. $_SESSION['time'] = time();
  14. }
  15. ?>
good luck...
Nov 14 '10 #7
1 New Member
Excellent explanation, just correcting
use only one COOKIE_PATH or COOKIE_DIR
so the change for example to cookie dir is...
session_set_coo kie_params(COOK IE_MAXLIFE, COOKIE_DIR);

May 16 '13 #8

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Thotatri | last post by:
hi, I am facing a session time out problem once after installing .net framework 1.1 . The problem is session is getting expired on frequently say 5 mts like that.I have good configuration & good RAM. I had the same problem in .net framework 1.0 also .. It got solved when we increased the memory..
by: GP | last post by:
Session time out in IIS is set for 60 min,but why does we get "Object reference not set to an instance of an object. " when the browser is not used for more than 4 to 5 minutes.Please let me know soln if someone know the answer. Thanks GP
by: Jeff | last post by:
Question. How would I go about increasing the session time of a user, before they are logged out for inactivity? The reason I want to do this, is because players may have the site open, while actually playing a game. But when they come back to report, they are no longer logged in, but it appears that they are. I assign the cookie when they login using the following code: response.cookies("username") = username
by: mansoorsheraz | last post by:
Hi i am, developing a new project for a calling card company. I am, having problems in the session time out. I want to redirect a user to the login page when the session time out expires. All of the pages have session_start() in them to see if the user has actually logged in to the site. I set the session.cookie_lifetime on my login page to 60 seconds and when i click on some url after 60 seconds it takes me to the login page which is very much...
by: abcd | last post by:
I am using classic ASP. When the session times out theglobal.asa event called session_on end is invoked which is absolutely correct. When I explicitely do IIS reset or iis restart then again session_on end is invoked. How can I distguish in global.asa event session_on end that this is natural session time out or explicit IIS restart.... thanks
by: shahnawaz shaikh | last post by:
i want to know can we give page level session time out on page just like we give session time out in web.config.
by: arjun kamlakar | last post by:
Hi All, I am arjun kamlakar working as programer in hochtechnologies. I got a problem with session time out. I have used <httpRuntime executionTimeout= "9000"> <Session Timeout= "9000"> not only this all other parameters i applied in web.config file. Still it is not working. moreover the site is live on the server. I cant change the mach.config file on server. what could be the alternate for this. Can any one help me in...
by: Rogier | last post by:
Hello, I made a simple script with some session variables. When I work in the application, and when I don't use the application for some time, the session vars are erased... even when I set the session time out for 4 hours.... Here is a part of the code: <?PHP
by: ShirishKumar | last post by:
hi, I have one task, i want to show some information on my web page "Your Session has completed please login again",when the Session time out. thanks, Shirish.
by: kolhapur | last post by:
hello, i want to change session time.the session time should differ according to section of my module. i have tried with these function ini_set('session.gc_maxlifetime'), ini_set( 'session.cookie_lifetime', 3600 * 24 );, $currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’) but then also its not happening. please help me.
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.