| Re: session handler auto log out [message #176104 is a reply to message #176101] |
Wed, 23 November 2011 19:42   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
Denis McMahon, 2011-11-23 19:58:
> On Wed, 23 Nov 2011 10:17:45 +0100, Arno Welzel wrote:
>
>>>> Hint: It is also possible to implement a session handling on your own.
>
>>> Yup, not easy to do, though.
>
>> Recording a timestamp and checking if the time of the last request by
>> the user (and not only the "check if session is still valid" request) is
>> not older than x minutes is "not easy"?
>
> and the session variables?
They get lost, as soon as the PHP session times out of course - but by
doing periodically request using JavaScript this will not happen, so one
has to implement additional logic to maintain your application specific
session timeout and to distinguish between the periodically session
checks via JavaScript and "real" requests caused by user interaction.
In case JavaScript is not available, the session will just time out, any
session variable will be lost and usually the redirection to a "session
timed out" page will be done using the referrer which indicates the
previous page was one which is only accessible for logged in users.
If there is even no referrer you can not distinguish between a session
timeout or a new session and you have to redirect to a general login
page, maybe with an additional explanation like "maybe your session
timed out because we did not receive any request for more than 5
minutes" or similar.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]