
Session Timeouts

P: 1
My site (www.txfannin.org) has a back-end Admin area used by volunteers to add content to the Db which contains over 60 tables. When each volunteer logs into the Admin area I store their Username and access level in the $_SESSION associative array. This information is used in a log record when a record is updated.

At the beginning of each Admin module I test for the existence of a Session and if not started, then one is started. On the most used module I also set the timeout_duration = 21600 (6 hours).

The problem is that the volunteers will oftentimes work a couple of hours and then do some research, have lunch, take a nap, go to bed while the browser is still open and the admin page is still active. Thus, when they return to the computer, they again start working with the Admin module and when a record is updated the Username is Unknown. Unknown because the Session has expired and thus, the Session variable is not set and the Username is set to Unknown.

So the question is... Is there any way to solve the problem using Sessions or do I need to just store the info in Local Storage?

TIA for any assistance.
jdadwilson
1 Week Ago #1

gits
Expert Mod 5K+
P: 5,353
Well - there are different ways to solve such, like for example storing an access token at the client (in a JavaScript variable on the page, in a cookie or in local storage as you wish) and always submitting it with any request - when a session expired you could then do an auto-relogin or just a session recreation in the background or such. Another way would be to let the client send a periodic request - that way you would know the website is still open in the browser and the user might be afk and wants to come back probably.

The method you want to use might even depend on the 'importance' of the use case - since a login basically is only done if you want to secure something - which means that the 'intelligence' (usually this dictates even the effort to put in) of the logic should be on par with the requirements.
1 Week Ago #2
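
A server-side sketch of the periodic-request approach from the reply above, as an added example that is not code from either poster or from the site. The function names, the `keepalive.php` endpoint, the `login_at`/`last_seen` session keys and the 12-hour absolute cap are assumptions; only the 21600-second idle limit comes from the question.

```php
<?php
// Added example. Assumes the login script sets $_SESSION['username'],
// $_SESSION['access_level'], $_SESSION['login_at'] and $_SESSION['last_seen'].
declare(strict_types=1);

const IDLE_LIMIT     = 21600; // 6 hours, the value from the question
const ABSOLUTE_LIMIT = 43200; // assumed hard cap: re-login after 12 hours

// Pure decision function so the policy can be reasoned about separately
// from PHP's session machinery.
function admin_session_state(array $s, int $now): string
{
    if (empty($s['username'])) {
        return 'anonymous';
    }
    if ($now - ($s['login_at'] ?? 0) > ABSOLUTE_LIMIT) {
        return 'absolute_expired'; // a keepalive cannot extend past this
    }
    if ($now - ($s['last_seen'] ?? 0) > IDLE_LIMIT) {
        return 'idle_expired';
    }
    return 'ok';
}

// Call at the top of every Admin module and from keepalive.php, the
// endpoint the open admin page requests periodically.
function admin_session_check(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Must be set before session_start(); otherwise PHP's garbage
        // collector may delete the session data (default 1440 s) long
        // before IDLE_LIMIT is reached.
        ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
        session_start();
    }
    $state = admin_session_state($_SESSION, time());
    if ($state !== 'ok') {
        // Fail closed: the update is never processed, so no log record
        // is written with the username "Unknown".
        $_SESSION = [];
        session_destroy();
        http_response_code(401);
        exit(json_encode(['error' => $state]));
    }
    $_SESSION['last_seen'] = time(); // sliding idle window
}
```

A periodic request keeps the session alive for as long as the browser tab stays open, which is why the sketch pairs it with an absolute limit. On shared hosting where several sites use the same session save path, the shortest `session.gc_maxlifetime` among them applies.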
