| Re: session handler auto log out [message #176096 is a reply to message #176094] |
Wed, 23 November 2011 15:04   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Jerry Stuckle, 2011-11-23 12:12:
> On 11/23/2011 4:17 AM, Arno Welzel wrote:
>> Jerry Stuckle, 2011-11-22 19:18:
>>
>>> On 11/22/2011 10:55 AM, Arno Welzel wrote:
>>>> Jerry Stuckle, 2011-11-22 13:18:
>>>>
>>>> > On 11/22/2011 6:09 AM, Arno Welzel wrote:
>>>> >> Jerry Stuckle, 2011-11-21 18:46:
>>>> >>
>>>> >>> On 11/21/2011 9:31 AM, Arno Welzel wrote:
>>>> >>>> Jerry Stuckle, 2011-11-21 15:13:
>>>> >>>>
>>>> >>>>> On 11/21/2011 9:07 AM, Arno Welzel wrote:
>>>> >>>>>> DavidB, 2011-11-19 23:49:
>>>> >>>>>>
>>>> >>>>>>> Is there a way to model a session handler to auto logout after
>>>> >>>>>>> a specified
>>>> >>>>>>> period of time without refreshing the page? Something similar
>>>> >>>>>>> to a bank
>>>> >>>>>>> website that auto logs me out and redirects me to another page.
>>>> >>>>>>
>>>> >>>>>> If you want to force the client to redirect the user to another
>>>> >>>>>> page as
>>>> >>>>>> soon as the session on the *server* times out you must do
>>>> >>>>>> periodically
>>>> >>>>>> checks on the client e.g. using AJAX.
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>
>>>> >>>>> Which is not what the op wants. But both Denis and myself already
>>>> >>>>> pointed this out two days ago. What's your point?
>>>> >>>>
>>>> >>>> Using AJAX is not "refreshing the page". You just said "needs a
>>>> >>>> request"
>>>> >>>> and AJAX is a way to do a request.
>>>> >>>
>>>> >>> It is a way which will NOT work.
>>>> >>
>>>> >> Why?
>>>> >
>>>> > Because the AJAX call will reset the session timer, so the session will
>>>> > never time out.
>>>>
>>>> And where did i say that the AJAX call should be *before* the session
>>>> times out?
>>>>
>>>
>>> Backpeddling, huh?
>>
>> No. You just don't understand it.
>>
>
> I understand completely, backpeddler.
>
>>>> And even if it is implemented this way - why should it not be possible
>>>> to implement a server side script which responds to the AJAX calls and
>>>> checks the existing session without resetting the session timeout?
>>>>
>>>
>>> Backpeddling, huh?
>>
>> Nope.
>>
>
> Yep.
You still don't get it.
>>>> Hint: It is also possible to implement a session handling on your own.
>>>>
>>>
>>> Yup, not easy to do, though.
>>
>> Recording a timestamp and checking if the time of the last request by
>> the user (and not only the "check if session is still valid" request) is
>> not older than x minutes is "not easy"?
>>
>
> A lot more to it than that, if you actually understood session handling.
I do.
>> [...]
>>>> > And I did not say "refresh the page". I said "needs a request". I
>>>> > didn't say what KIND of request.
>>>>
>>>> So using AJAX to send a request is fine ;-)
>>>
>>> ROFLMAO! No, I didn't say AJAX was OK.
>>>
>>> Wise up. You were wrong, but refuse to admit it.
>>
>> Nope. You just don't understand it.
>
> I understand completely, backpeddler.
No you don't. You said:
"While you can set a session timeout value on the server, you can't
force the client to a different page from the server. It requires a
request from the client."
You don't understand because you assume that any request will *always*
reset the session timeout and you assume that relying on PHPs own
session handling is the only way to go.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]