| Re: session handler auto log out [message #176087 is a reply to message #176073] |
Wed, 23 November 2011 02:09   |
Denis McMahon
Messages: 634
Registered: September 2010
Karma:
|
Senior Member |
|
|
On Tue, 22 Nov 2011 16:55:40 +0100, Arno Welzel wrote:
>> Because the AJAX call will reset the session timer, so the session will
>> never time out.
>
> And where did i say that the AJAX call should be *before* the session
> times out?
If the ajax call is made after the session has timed out, then you're
back to the previously discussed situation where you get a request
without a valid current session ID and do with it as you wish.
Any request, whether ajax initiated, a form submission, clicking a link,
grabbing an image etc will send the session cookie from the client to the
server if a session cookie is defined.
If php code is invoked to handle the request and that code invokes the
session handler, then the session timer will be reset and an updated
session cookie reflecting the new timeout / expiry will be sent to the
client.
> Hint: It is also possible to implement a session handling on your own.
Then you need to go and write your own session handler. Have fun.
Rgds
Denis McMahon
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]