Re: session handler auto log out [message #176099 is a reply to message #176093]
Wed, 23 November 2011 18:53
Denis McMahon
On Wed, 23 Nov 2011 10:55:36 +0100, Erwin Moller wrote:
> On 11/23/2011 3:09 AM, Denis McMahon wrote:
>> On Tue, 22 Nov 2011 16:55:40 +0100, Arno Welzel wrote:
>>
>>>> Because the AJAX call will reset the session timer, so the session
>>>> will never time out.
>>>
>>> And where did I say that the AJAX call should be *before* the session
>>> times out?
>>
>> If the ajax call is made after the session has timed out, then you're
>> back to the previously discussed situation where you get a request
>> without a valid current session ID and do with it as you wish.
>>
>> Any request, whether ajax initiated, a form submission, clicking a
>> link, grabbing an image etc will send the session cookie from the
>> client to the server if a session cookie is defined.
> Are you sure a request for an *image* will modify the Session?
>
> I thought the Session would only be updated if session_start() is used
> (directly or indirectly by activating session.auto_start).
Read what I wrote again:

1) Any request ... will send the session cookie from the client to the
server if a session cookie is defined.

This is something that the client does - if it has valid (non expired)
cookies for the server and makes a request to the server, it sends the
cookies.

So yes, the client browser sends the cookies with every request,
including images etc.

If the request is then served by php (and you can serve any content with
php) _and_ that php invokes the session handler, then the php session
timer is reset in the server, and an updated session cookie will be sent
back to the client browser.

e.g. if my web page includes <img src="server/getimage.php?imgid=76">
and getimage.php looks something like:

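<?php
// Invoking the session handler is what resets the server-side session timer.
session_start();
$imageId = 2; // default image
$tmpImgId = 0;
// An <img src="...?imgid=76"> request carries the id in the query string,
// so it arrives in $_GET, not $_POST.
if (isset($_GET['imgid'])) $tmpImgId = intval($_GET['imgid']);
if ($tmpImgId > 1 && $tmpImgId < 1000) $imageId = $tmpImgId;
$imgFile = "/disks/images/webimages/{$imageId}.png";
if (file_exists($imgFile)) {
    $size = getimagesize($imgFile);
    if ($size) {
        header('Content-Type: ' . $size['mime']);
        header('Content-Length: ' . filesize($imgFile));
        // Discard buffered output, if any, so only the image bytes are sent.
        if (ob_get_level() > 0) ob_clean();
        flush();
        readfile($imgFile);
        exit;
    }
    else {
        // error - not an identifiable image file
    }
}
else {
    // error - file doesn't exist
}
?>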

(I may not have included all the relevant error handling, validations and
verifications)

Then requesting this image will reset any session expiry timer on the
server.

Rgds
Denis McMahon
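
One way to keep background requests such as the getimage.php call above from extending a login, as an added example that is not part of the original post: the application keeps its own idle timestamp in the session and only requests flagged as user activity refresh it. IDLE_LIMIT, the last_activity key and both function names are assumptions; the read_and_close option needs PHP 7.0 or later.

```php
<?php
// Added example, not code from the thread. All names here are assumptions.
const IDLE_LIMIT = 900; // seconds of inactivity allowed before logout

/**
 * Pure decision: returns [expired, timestampToStore].
 * Only a user action moves the timestamp forward; a background request
 * (image, AJAX poll) leaves it where it was.
 */
function evaluateIdle(?int $lastActivity, int $now, bool $isUserAction): array
{
    if ($lastActivity !== null && ($now - $lastActivity) > IDLE_LIMIT) {
        return [true, null];
    }
    return [false, $isUserAction ? $now : $lastActivity];
}

/**
 * Call instead of a bare session_start().
 * Page scripts:        touchSession(true)
 * getimage.php, polls: touchSession(false)
 * Returns false when the session has idled out and was destroyed.
 */
function touchSession(bool $isUserAction): bool
{
    if ($isUserAction) {
        session_start();
    } else {
        // Load the session data, then close it again without writing back.
        session_start(['read_and_close' => true]);
    }
    $last = isset($_SESSION['last_activity']) ? (int) $_SESSION['last_activity'] : null;
    [$expired, $stamp] = evaluateIdle($last, time(), $isUserAction);

    if ($expired) {
        // A read_and_close session is already closed; reopen it to destroy it.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $_SESSION = [];
        session_destroy();
        return false;
    }
    if ($isUserAction) {
        $_SESSION['last_activity'] = $stamp;
    }
    return true;
}
```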