| Re: session handler auto log out [message #176049 is a reply to message #176048] |
Mon, 21 November 2011 15:06  |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Erwin Moller, 2011-11-21 15:41:
> On 11/21/2011 3:07 PM, Arno Welzel wrote:
>> DavidB, 2011-11-19 23:49:
>>
>>> Is there a way to model a session handler to auto logout after a specified
>>> period of time without refreshing the page? Something similar to a bank
>>> website that auto logs me out and redirects me to another page.
>>
>> If you want to force the client to redirect the user to another page as
>> soon as the session on the *server* times out you must do periodically
>> checks on the client e.g. using AJAX.
>>
>>
>
> Hi Arno,
>
> That approach could bite you in the back.
> For example: If your session timeout is 30 minutes, and you check each
> 10 minutes via AJAX, you'll never log out because the AJAX request
> "resets" the time-out to a new 30 minutes.
Of course i assumed that the AJAX request will not reset the session
timeout (and yes, i know how sessions work in PHP).
> This can all be circumvented (if you know how Sessions work in PHP), but
> I would advise the OP to follow Denis's advice and simply use a
> window.setTimeout() in JavaScript. Much easier.
I agree - setTimeout() is the easies solution in most cases. But you
have to take care that any further interaction will immediatly cancel
the timeout. Depending on the structure of the site and how interaction
is done (e.g. using AJAX and not complete reloads of the page), a simple
setTimeout() may not be enough.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]