I am creating sessions using the session_start() function.
I use sessions to for sign in process.
// auth.php
include_once 'common.php';
include_once 'db.php';
dbConnect("corporate");
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" .
$_SESSION['password'] . "'");
// retrieve number of rows resulted
$num=mysql_num_rows($result);
// print login form and exit if failed.
if($num < 1){
echo "<center><BR><BR>You are not authenticated. Please login.<br><br>
<form method=POST action=main.php>
username: <input type=text name=\"username\"> <BR>
password: <input type=password name=\"password\"> <BR>
<input value=login type=submit>
</form></center>";
exit;
}
$Firstname = mysql_result($result,0,'FirstName');
$Lastname = mysql_result($result,0,'Lastname');
$phonenumber = mysql_result($result,0,'phonenumber');
mysql_close();
?>
The problem is that when user logs in without login off (where the
session is killed) he can access the page even the second day.
How do I set the session to expire for some time of inactivity.
Bart,