469,366 Members | 2,227 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,366 developers. It's quick & easy.

session time out

hi
i have a page which display all images in a floder.for accesing this page i am asking password for this.
now i have 2 files named as password.php and gallery.php.

now my requirement in if user not accessing any event form the past 15 min then i will redirect this gallery page to password.php.
Oct 30 '06 #1
7 55442
vssp
268 100+
/* set the cache expire to 15 minutes */
session_cache_expire (15);
$cache_expire = session_cache_expire();

Now sessio0n expire 15 min Now sheck teh session and u redirect to password.php

vssp
Oct 30 '06 #2
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:

Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

<?php
session_start();

session_cache_expire(15);
$cache_expire = session_cache_expire();

if(!isset($_SESSION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Location: index.php?msg=".$msg);
} else {
// remaining code to display the gallery
}
?>
Read the Posing Guidelines before you post any code in this forum!! Especially the part about using the [code], [php] and [html] tags when showing code!! - Ronald

wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
bye
Oct 30 '06 #3
thanks i will use the required codes as per the guidelines from now onwards.
thanks but it is not working.
i set the password in a session variable $_SESSION['password'] = $_POST['password'];

then in the gallery.php i wrote the following code:
[PHP]
<?php
session_start();

session_cache_expire(15);
$cache_expire = session_cache_expire();

if(!isset($_SESSION['password'])){
$msg = "Your session is expired.Please re enter the password";
header("Location: index.php?msg=".$msg);
} else {
// remaining code to display the gallery
}
?>

[/PHP]

wht's wrong in it? i am not getting.
can i change any default settings in php.ini file?
bye[/quote]
Oct 31 '06 #4
session_start(); must be placed AFTER the session_cache_expire()
function, not before it.

See: http://us3.php.net/session_cache_expire for more info.

Patrick
Jan 2 '07 #5
howick
1
session_cache_expire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_limiter is set to something other than its default of nocache and has NO VALUE for timing out a session. It's only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.

If you want sessions to expire, you need to do one or both (preferably both) of two things.

1) Limit the life of the session on the server.

You do this by setting the session.gc_maxlifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.

ini_set('session.gc_maxlifetime', 1800);

Sets the maximum session file life to 30 minutes (1800 seconds).

2) Limit the life of the session on the client.

You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).

session_set_cookie_params(1800, '/');

sets all session cookies to 30 minutes (1800 seconds).

NOTES

A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_path(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)

B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.

C) ALL of these commands/variables MUST be executed BEFORE session_start(); Thus:
Expand|Select|Wrap|Line Numbers
  1. define(SESSION_PATH, '/tmp/mydir');
  2. define(COOKIE_DIR, '/');
  3. define(COOKIE_MAXLIFE, '1800');
  4. define(GC_MAXLIFE, '1800');
  5.  
  6. session_save_path(SESSION_PATH);
  7. ini_set('session.gc_maxlifetime', GC_MAXLIFE);
  8. session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_PATH);
  9. session_start();
  10.  
D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.

Cheers.
Jan 23 '08 #6
The simplest way to log out:

Put this code at the top of every page, give that you are using the sessions on your website to pass variables. One of these variables is the variable 'time'.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. $t = time();
  4. $t0 = $_SESSION['time'];
  5. $diff = $t - $t0;
  6. if ($diff > 1800 || !ISSET ($t0)) {          //log off after being idle for 30 minutes or trying to log illegally
  7. session_unset();
  8. session_destroy();
  9. Header ('Location: index.php?msg=SessionTimeOut');
  10. Exit;
  11. }
  12. Else {
  13. $_SESSION['time'] = time();
  14. }
  15. ?>
  16.  
good luck...
Nov 14 '10 #7
Excellent explanation, just correcting
use only one COOKIE_PATH or COOKIE_DIR
so the change for example to cookie dir is...
session_set_cookie_params(COOKIE_MAXLIFE, COOKIE_DIR);

@howick
May 16 '13 #8

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

reply views Thread by Thotatri | last post: by
1 post views Thread by Jeff | last post: by
1 post views Thread by mansoorsheraz | last post: by
1 post views Thread by Rogier | last post: by
2 posts views Thread by ShirishKumar | last post: by
3 posts views Thread by kolhapur | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.