| Re: session handler auto log out [message #176097 is a reply to message #176096] |
Wed, 23 November 2011 15:39   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 11/23/2011 10:04 AM, Arno Welzel wrote:
> Jerry Stuckle, 2011-11-23 12:12:
>
>> On 11/23/2011 4:17 AM, Arno Welzel wrote:
>>> Jerry Stuckle, 2011-11-22 19:18:
>>>
>>>> On 11/22/2011 10:55 AM, Arno Welzel wrote:
>>>> > Jerry Stuckle, 2011-11-22 13:18:
>>>> >
>>>> >> On 11/22/2011 6:09 AM, Arno Welzel wrote:
>>>> >>> Jerry Stuckle, 2011-11-21 18:46:
>>>> >>>
>>>> >>>> On 11/21/2011 9:31 AM, Arno Welzel wrote:
>>>> >>>>> Jerry Stuckle, 2011-11-21 15:13:
>>>> >>>>>
>>>> >>>>>> On 11/21/2011 9:07 AM, Arno Welzel wrote:
>>>> >>>>>>> DavidB, 2011-11-19 23:49:
>>>> >>>>>>>
>>>> >>>>>>>> Is there a way to model a session handler to auto logout after
>>>> >>>>>>>> a specified
>>>> >>>>>>>> period of time without refreshing the page? Something similar
>>>> >>>>>>>> to a bank
>>>> >>>>>>>> website that auto logs me out and redirects me to another page.
>>>> >>>>>>>
>>>> >>>>>>> If you want to force the client to redirect the user to another
>>>> >>>>>>> page as
>>>> >>>>>>> soon as the session on the *server* times out you must do
>>>> >>>>>>> periodically
>>>> >>>>>>> checks on the client e.g. using AJAX.
>>>> >>>>>>>
>>>> >>>>>>>
>>>> >>>>>>
>>>> >>>>>> Which is not what the op wants. But both Denis and myself already
>>>> >>>>>> pointed this out two days ago. What's your point?
>>>> >>>>>
>>>> >>>>> Using AJAX is not "refreshing the page". You just said "needs a
>>>> >>>>> request"
>>>> >>>>> and AJAX is a way to do a request.
>>>> >>>>
>>>> >>>> It is a way which will NOT work.
>>>> >>>
>>>> >>> Why?
>>>> >>
>>>> >> Because the AJAX call will reset the session timer, so the session will
>>>> >> never time out.
>>>> >
>>>> > And where did i say that the AJAX call should be *before* the session
>>>> > times out?
>>>> >
>>>>
>>>> Backpeddling, huh?
>>>
>>> No. You just don't understand it.
>>>
>>
>> I understand completely, backpeddler.
>>
>>>> > And even if it is implemented this way - why should it not be possible
>>>> > to implement a server side script which responds to the AJAX calls and
>>>> > checks the existing session without resetting the session timeout?
>>>> >
>>>>
>>>> Backpeddling, huh?
>>>
>>> Nope.
>>>
>>
>> Yep.
>
> You still don't get it.
>
>>>> > Hint: It is also possible to implement a session handling on your own.
>>>> >
>>>>
>>>> Yup, not easy to do, though.
>>>
>>> Recording a timestamp and checking if the time of the last request by
>>> the user (and not only the "check if session is still valid" request) is
>>> not older than x minutes is "not easy"?
>>>
>>
>> A lot more to it than that, if you actually understood session handling.
>
> I do.
>
>>> [...]
>>>> >> And I did not say "refresh the page". I said "needs a request". I
>>>> >> didn't say what KIND of request.
>>>> >
>>>> > So using AJAX to send a request is fine ;-)
>>>>
>>>> ROFLMAO! No, I didn't say AJAX was OK.
>>>>
>>>> Wise up. You were wrong, but refuse to admit it.
>>>
>>> Nope. You just don't understand it.
>>
>> I understand completely, backpeddler.
>
> No you don't. You said:
>
> "While you can set a session timeout value on the server, you can't
> force the client to a different page from the server. It requires a
> request from the client."
>
> You don't understand because you assume that any request will *always*
> reset the session timeout and you assume that relying on PHPs own
> session handling is the only way to go.
>
>
No, but I also know that any request which does not reset the timeout
does not cause a redirect.
We are talking PHP sessions here, not something you've cobbled up on the
side. And that's how PHP sessions work.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]