| Re: session handler auto log out [message #176090 is a reply to message #176083] |
Wed, 23 November 2011 09:17   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Jerry Stuckle, 2011-11-22 19:18:
> On 11/22/2011 10:55 AM, Arno Welzel wrote:
>> Jerry Stuckle, 2011-11-22 13:18:
>>
>>> On 11/22/2011 6:09 AM, Arno Welzel wrote:
>>>> Jerry Stuckle, 2011-11-21 18:46:
>>>>
>>>> > On 11/21/2011 9:31 AM, Arno Welzel wrote:
>>>> >> Jerry Stuckle, 2011-11-21 15:13:
>>>> >>
>>>> >>> On 11/21/2011 9:07 AM, Arno Welzel wrote:
>>>> >>>> DavidB, 2011-11-19 23:49:
>>>> >>>>
>>>> >>>>> Is there a way to model a session handler to auto logout after
>>>> >>>>> a specified
>>>> >>>>> period of time without refreshing the page? Something similar
>>>> >>>>> to a bank
>>>> >>>>> website that auto logs me out and redirects me to another page.
>>>> >>>>
>>>> >>>> If you want to force the client to redirect the user to another
>>>> >>>> page as
>>>> >>>> soon as the session on the *server* times out you must do
>>>> >>>> periodically
>>>> >>>> checks on the client e.g. using AJAX.
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>> Which is not what the op wants. But both Denis and myself already
>>>> >>> pointed this out two days ago. What's your point?
>>>> >>
>>>> >> Using AJAX is not "refreshing the page". You just said "needs a
>>>> >> request"
>>>> >> and AJAX is a way to do a request.
>>>> >
>>>> > It is a way which will NOT work.
>>>>
>>>> Why?
>>>
>>> Because the AJAX call will reset the session timer, so the session will
>>> never time out.
>>
>> And where did i say that the AJAX call should be *before* the session
>> times out?
>>
>
> Backpeddling, huh?
No. You just don't understand it.
>> And even if it is implemented this way - why should it not be possible
>> to implement a server side script which responds to the AJAX calls and
>> checks the existing session without resetting the session timeout?
>>
>
> Backpeddling, huh?
Nope.
>> Hint: It is also possible to implement a session handling on your own.
>>
>
> Yup, not easy to do, though.
Recording a timestamp and checking if the time of the last request by
the user (and not only the "check if session is still valid" request) is
not older than x minutes is "not easy"?
[...]
>>> And I did not say "refresh the page". I said "needs a request". I
>>> didn't say what KIND of request.
>>
>> So using AJAX to send a request is fine ;-)
>
> ROFLMAO! No, I didn't say AJAX was OK.
>
> Wise up. You were wrong, but refuse to admit it.
Nope. You just don't understand it.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]