473,692 Members | 2,131 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

session time out

4 New Member
hi
i have a page which display all images in a floder.for accesing this page i am asking password for this.
now i have 2 files named as password.php and gallery.php.

now my requirement in if user not accessing any event form the past 15 min then i will redirect this gallery page to password.php.
Oct 30 '06 #1
7 55897
vssp
268 Contributor
/* set the cache expire to 15 minutes */
session_cache_e xpire (15);
$cache_expire = session_cache_e xpire();

Now sessio0n expire 15 min Now sheck teh session and u redirect to password.php

vssp
Oct 30 '06 #2
isekhari
4 New Member
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:

Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

<?php
session_start() ;

session_cache_e xpire(15);
$cache_expire = session_cache_e xpire();

if(!isset($_SES SION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Locatio n: index.php?msg=" .$msg);
} else {
// remaining code to display the gallery
}
?>
Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
bye
Oct 30 '06 #3
isekhari
4 New Member
thanks i will use the required codes as per the guidelines from now onwards.
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:
[PHP]
<?php
session_start() ;

session_cache_e xpire(15);
$cache_expire = session_cache_e xpire();

if(!isset($_SES SION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Locatio n: index.php?msg=" .$msg);
} else {
// remaining code to display the gallery
}
?>

[/PHP]

wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
bye[/quote]
Oct 31 '06 #4
PatrickM
1 New Member
session_start() ; must be placed AFTER the session_cache_e xpire()
function, not before it.

See: http://us3.php.net/session_cache_e xpire for more info.

Patrick
Jan 2 '07 #5
howick
1 New Member
session_cache_e xpire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_l imiter is set to something other than its default of nocache and has NO VALUE for timing out a session. It's only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.

If you want sessions to expire, you need to do one or both (preferably both) of two things.

1) Limit the life of the session on the server.

You do this by setting the session.gc_maxl ifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.

ini_set('sessio n.gc_maxlifetim e', 1800);

Sets the maximum session file life to 30 minutes (1800 seconds).

2) Limit the life of the session on the client.

You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).

session_set_coo kie_params(1800 , '/');

sets all session cookies to 30 minutes (1800 seconds).

NOTES

A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_pa th(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)

B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.

C) ALL of these commands/variables MUST be executed BEFORE session_start() ; Thus:
Expand|Select|Wrap|Line Numbers
  1. define(SESSION_PATH, '/tmp/mydir');
  2. define(COOKIE_DIR, '/');
  3. define(COOKIE_MAXLIFE, '1800');
  4. define(GC_MAXLIFE, '1800');
  5.  
  6. session_save_path(SESSION_PATH);
  7. ini_set('session.gc_maxlifetime', GC_MAXLIFE);
  8. session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_PATH);
  9. session_start();
  10.  
D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.

Cheers.
Jan 23 '08 #6
The simplest way to log out:

Put this code at the top of every page, give that you are using the sessions on your website to pass variables. One of these variables is the variable 'time'.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. $t = time();
  4. $t0 = $_SESSION['time'];
  5. $diff = $t - $t0;
  6. if ($diff > 1800 || !ISSET ($t0)) {          //log off after being idle for 30 minutes or trying to log illegally
  7. session_unset();
  8. session_destroy();
  9. Header ('Location: index.php?msg=SessionTimeOut');
  10. Exit;
  11. }
  12. Else {
  13. $_SESSION['time'] = time();
  14. }
  15. ?>
  16.  
good luck...
Nov 14 '10 #7
avenidagez
1 New Member
Excellent explanation, just correcting
use only one COOKIE_PATH or COOKIE_DIR
so the change for example to cookie dir is...
session_set_coo kie_params(COOK IE_MAXLIFE, COOKIE_DIR);

@howick
May 16 '13 #8

Sign in to post your reply or Sign up for a free account.

Similar topics

0
2145
by: Thotatri | last post by:
hi, I am facing a session time out problem once after installing .net framework 1.1 . The problem is session is getting expired on frequently say 5 mts like that.I have good configuration & good RAM. I had the same problem in .net framework 1.0 also .. It got solved when we increased the memory..
0
1113
by: GP | last post by:
Session time out in IIS is set for 60 min,but why does we get "Object reference not set to an instance of an object. " when the browser is not used for more than 4 to 5 minutes.Please let me know soln if someone know the answer. Thanks GP
1
1463
by: Jeff | last post by:
Question. How would I go about increasing the session time of a user, before they are logged out for inactivity? The reason I want to do this, is because players may have the site open, while actually playing a game. But when they come back to report, they are no longer logged in, but it appears that they are. I assign the cookie when they login using the following code: response.cookies("username") = username
1
5876
by: mansoorsheraz | last post by:
Hi i am, developing a new project for a calling card company. I am, having problems in the session time out. I want to redirect a user to the login page when the session time out expires. All of the pages have session_start() in them to see if the user has actually logged in to the site. I set the session.cookie_lifetime on my login page to 60 seconds and when i click on some url after 60 seconds it takes me to the login page which is very much...
1
2490
by: abcd | last post by:
I am using classic ASP. When the session times out theglobal.asa event called session_on end is invoked which is absolutely correct. When I explicitely do IIS reset or iis restart then again session_on end is invoked. How can I distguish in global.asa event session_on end that this is natural session time out or explicit IIS restart.... thanks
4
2433
by: shahnawaz shaikh | last post by:
i want to know can we give page level session time out on page just like we give session time out in web.config.
0
1182
by: arjun kamlakar | last post by:
Hi All, I am arjun kamlakar working as programer in hochtechnologies. I got a problem with session time out. I have used <httpRuntime executionTimeout= "9000"> <Session Timeout= "9000"> not only this all other parameters i applied in web.config file. Still it is not working. moreover the site is live on the server. I cant change the mach.config file on server. what could be the alternate for this. Can any one help me in...
1
3093
by: Rogier | last post by:
Hello, I made a simple script with some session variables. When I work in the application, and when I don't use the application for some time, the session vars are erased... even when I set the session time out for 4 hours.... Here is a part of the code: <?PHP
2
1105
by: ShirishKumar | last post by:
hi, I have one task, i want to show some information on my web page "Your Session has completed please login again",when the Session time out. thanks, Shirish.
3
1702
by: kolhapur | last post by:
hello, i want to change session time.the session time should differ according to section of my module. i have tried with these function ini_set('session.gc_maxlifetime'), ini_set( 'session.cookie_lifetime', 3600 * 24 );, $currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’) but then also its not happening. please help me.
0
8535
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
1
8794
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8796
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6458
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5817
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4322
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
2968
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2234
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1955
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.