473,382 Members | 1,476 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,382 software developers and data experts.

Session expired or never started?

I have some code at the top of each page that says session_start() then
checks for a value in the session. If the person never logged in the
session is empty and they get bounced to the login page. But if the person
has been sat at a normal page for 15 minutes after logging in,
session_start() works as if a session ID has not been presented, starts a
new session which is empty and the user gets bounced to the login page!

I feel like I've missed a step. How can I tell if a user doesn't have a
valid session ID because they've never logged in, or whether they don't
have a valid session ID because their session has timed out?

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>
Jul 17 '05 #1
2 1758
Derek Fountain wrote:
I have some code at the top of each page that says session_start() then checks for a value in the session. If the person never logged in the
session is empty and they get bounced to the login page. But if the person has been sat at a normal page for 15 minutes after logging in,
session_start() works as if a session ID has not been presented, starts a new session which is empty and the user gets bounced to the login page!
I feel like I've missed a step. How can I tell if a user doesn't have a valid session ID because they've never logged in, or whether they don't have a valid session ID because their session has timed out?


1. <http://www.google.com/search?q=php+login>
2. <http://martin.f2o.org/php/login>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #2
Derek Fountain wrote:
I have some code at the top of each page that says session_start() then
checks for a value in the session. If the person never logged in the
session is empty and they get bounced to the login page. But if the person
has been sat at a normal page for 15 minutes after logging in,
session_start() works as if a session ID has not been presented, starts a
new session which is empty and the user gets bounced to the login page!

I feel like I've missed a step. How can I tell if a user doesn't have a
valid session ID because they've never logged in, or whether they don't
have a valid session ID because their session has timed out?


Hi Derek,

You do not know that difference.
You can however check if the user is sending a PHPSESSIONID, and so TRIES to
continue the session (which stopped as far as the server is concerned).

If send: Chances are that that user had a valid session before, but it is
gone now (the value for the PHPSESSIONID is not stored anymore onthe
server, so PHP refuses to continue the session, as it should.).

This is not 100% foolproof, because the user could have faked set its own
PHPSESSIONID-cookie, but who cares?

(It is actually a little bit more complex because PHP can also use
URL-rewritting to add a sessionid, but the effect is the same.)

If you don't find a PHPsessionid, than it is probably the first visit.

Of course the excact behaviour depends on HOW you let the cookie behave, or
more to the point: how long it is valid.
I expect that if you say to the browser that the cookie is only 5 minutes
valid, it won't send it even after 10 minutes.

Regards,
Erwin Moller
Jul 17 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Keith | last post by:
Is there any way of detecting whether a session variable does not exist because it expired or because it simply did not exist in the first place? Thanks
4
by: Timothy V | last post by:
Hi, I was wondering how long the created session variables last for? To be more clear, when are they destroyed? Do I have to set the variables to null in Session_End()? Is the Session_End()...
4
by: Nick | last post by:
Hi I am a little stuck. I have a web app which uses cookieless session management. I would like to inform a user when their session has ended but cannot work out how to implement. I thought...
5
by: Tim W. | last post by:
Folks. In a B2B Procurement system we've created, we got following Session-Issue: Configuration: We are using IIS 6.0 and added SQL-Based-Sessions in web.config with a timeout of 240 minutes...
18
by: Rippo | last post by:
Hi I am using role base forms authentication in asp.net and have come across a problem that I would like advice on. On a successful login a session variable is set to identify a user. This is...
2
by: Gordon Burditt | last post by:
I had this idea about preventing session fixation, and I'm wondering what anyone else thinks about it. The idea is, essentially, don't allow session ids that YOUR PHP didn't generate (and aren't...
2
by: astuemky | last post by:
I don't know if I should post this here or in SQL Server, but thought I'd start here. We have been using the default ASPState database that microsoft creates for session state tracking. Even...
4
by: sriram | last post by:
Hello Friends, I am new to this group so big HIIIIIIII to all :) fine i have a serious doubt about session handling in PHP. After 20 min (default time) session getting expired, session values...
7
by: Microsoft Newsserver | last post by:
Hi Folks. I have an issue I need some help with if thats OK. I am running Framework 2.0 using Windows Integrated Security. For most of the application we manage session timeouts without the...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.