FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » sessions timeout
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: sessions timeout [message #176410 is a reply to message #176409] Wed, 04 January 2012 10:51 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Arno Welzel wrote:
> Michael Joel, 2012-01-04 02:42:
>
>> I am on a shared server so I have no control over the settings.
>>
>> Is there a way for me to set a "timeout" for sessions?
>
> Maybe using ini_set() to modify session.cookie_lifetime - but i'm not
> sure if this is possible.
>
> Another way would be to manage this "manually" - e.g. using the current
> time and the time of the last activity of the user:
>

Another way would be to not use sessions and use the raw cookie instead,
then you have complete control.

Every time a user with a valid login hits the site, you check his cookie
against one stored in a database for that user, make sure its less than
whatever minutes old, and immediately store the current time and issue a
new utterly random cookie to the user.


Whether HE times them out in his browser or not is irrelevant. You ARE.

If the cookie is out of date at YOUR end, issue the 'you are not logged
in, bugger off or get with the program' message.

Once you HAVE a database of users its a lot easier NOT to use sessions
it seems to me.

What you want to remember about a user is put in the database. ALL he
has to carry around as a cookie hopefully proving he is who he is: a
short term passport.


Basically the code needs to do as a common FIRST THING in EVERY access

get the cookie name/value pair and search your database for a value that
matches it, and is less than X minutes since it was stored in the database.

If a match found, immediately generate a random cookie value, store in
on the database and reset the timestamp on that user to 'now'. I store
their IP address as well, Then use them with the new cookie and set a
global variable somewhere saying 'this user is OK and his ID is this'
and proceed to modify your code to behave differently if he is valid etc.

If not present a login screen (or an invitation to visit one).

The login screen takes name/password, matches them to the database
values, and then sets the same global variable and issues the first
cookie, and puts it in the database, on completion.

I am sure you can get sessions to behave in this way, but it seems to me
its a poor substitute for a database, if you have one.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Give me the names of some CRM php projects
Next Topic: transfering all MySQL rows to an array
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 23:15:14 GMT 2024

Total time taken to generate the page: 0.05559 seconds