| Re: session handler auto log out [message #176091 is a reply to message #176087] |
Wed, 23 November 2011 09:22   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Denis McMahon, 2011-11-23 03:09:
> On Tue, 22 Nov 2011 16:55:40 +0100, Arno Welzel wrote:
>
>>> Because the AJAX call will reset the session timer, so the session will
>>> never time out.
>>
>> And where did i say that the AJAX call should be *before* the session
>> times out?
>
> If the ajax call is made after the session has timed out, then you're
> back to the previously discussed situation where you get a request
> without a valid current session ID and do with it as you wish.
Which can be handled of course.
> Any request, whether ajax initiated, a form submission, clicking a link,
> grabbing an image etc will send the session cookie from the client to the
> server if a session cookie is defined.
>
> If php code is invoked to handle the request and that code invokes the
> session handler, then the session timer will be reset and an updated
> session cookie reflecting the new timeout / expiry will be sent to the
> client.
>
>> Hint: It is also possible to implement a session handling on your own.
>
> Then you need to go and write your own session handler. Have fun.
Maybe you should have a look to DokukWikis session handling as an example.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]