ro********@gmail.com wrote:
> I need to limit the session time for a particular user who is working
> on my site. I'd also like to extend the session time each time the user
> performs some action (moves from one page to another). I've written
> the following code to accomplish this task
> /* Extending session */
> if(isset($_COOKIE['username'])) {
>     setcookie ("username", $_POST['username'], time()+3600);
> }

Pardon, you let them post their username on every navigation?

> Variable $_COOKIE['username'] right after the authorization is
> completed.
> The problem is that I don't think this is a safe way to handle
> sessions. Perhaps I should use $_SESSION global array to store the
> username of the logged user?

Why not set the time of the last action in the $_SESSION?

$timeout = 60 * 60; // 60 minutes here, as long or short as you'd like
session_start();
if (!isset($_SESSION['time']) || $_SESSION['time'] + $timeout < time()) {
    // invalid, we'll destroy all data:
    $_SESSION = array();
    if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 42000, '/');
    if (isset($_COOKIE['username'])) setcookie('username', '', time() - 42000, '/');
    session_destroy();
} else {
    // valid, update times:
    $_SESSION['time'] = time();
    setcookie('username', $username, $_SESSION['time'] + $timeout, '/');
    // You'll have to get that $username from somewhere in your actual validation.
}

Grtz,
--
Rik Wasmus
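
The idle-timeout approach from the reply above, as an added example that is not part of the original thread: the username is held in $_SESSION instead of a client-writable cookie, which is the option the original poster asked about. The function names and the 'username' and 'last_seen' session keys are assumptions made for illustration.

```php
<?php
// Added example: idle timeout kept entirely server-side.
// Function names and the 'username' / 'last_seen' keys are illustrative assumptions.

const IDLE_TIMEOUT = 3600; // seconds of inactivity allowed (60 minutes, as in the post)

// Pure check, so the expiry rule can be exercised without a live session.
function session_expired(array $session, int $now, int $timeout = IDLE_TIMEOUT): bool
{
    return !isset($session['username'], $session['last_seen'])
        || $session['last_seen'] + $timeout < $now;
}

// Call once, after the credentials have been verified.
function login(string $username): void
{
    session_regenerate_id(true);      // fresh session id after authentication
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = time();
}

// Drop the server-side data and expire the session cookie in the browser.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page; returns the username or null.
function require_active_session(): ?string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_expired($_SESSION, time())) {
        logout();
        return null;                  // caller redirects to the login form
    }
    $_SESSION['last_seen'] = time();  // each request extends the window
    return $_SESSION['username'];
}
```

Because the username never leaves the server, the browser only carries the session id, and a visitor who edits cookies cannot change which account the page treats as logged in.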