Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts

    code for session expire

    i have got a login page with emAIL and password ..
    can anyone suggest me a way to implement code for session to expire after 15 min when a peron is logged into the site if he is logged in for more than 15 min..

    these are the two sessions in log in page .
    $_SESSION['email']
    $_SESSION['password']

    below given is the code for log out page .
    PHP Code:
    <?php

    session_start
    ();
    session_unregister('email');
    session_unregister('password');
    session_destroy();
    ?>
    thank you... any help will be appreciated . . .

  • #2
    New Coder
    Join Date
    Jun 2008
    Posts
    76
    Thanks
    6
    Thanked 6 Times in 6 Posts
    Hi there you may also want to recreate there session id with this simple command

    PHP Code:
    session_regenerate_id(true
    the true argument will also delete the old session but this must all be done before you start printing out to the user as the cookie has to be resent

  • #3
    New Coder
    Join Date
    Jan 2010
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thanks for the suggestion ..

    can u pls make it more clear??

  • #4
    Regular Coder sitNsmile's Avatar
    Join Date
    Dec 2009
    Location
    Charlotte, NC
    Posts
    358
    Thanks
    19
    Thanked 2 Times in 2 Posts
    Session_register, Session_unregister are going out of date, recommended that it not replied upon anymore.

    http://php.net/manual/en/function.se...unregister.php

    or logging out though, you can use something like this,


    PHP Code:
    session_start(); 
    session_unset(); 
    session_destroy(); 

  • #5
    New Coder
    Join Date
    Jan 2010
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    what i want to do is , after logging in with username and password , user will be in a page ,, if he / she remains logged in for 15 min , i want it to be automatically logged out and come backk to main page ...

    tried the above code , not working..

  • #6
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    1) You could try to redirect after some time using the header refresh or an Meta tags. You could redirect to a special page which would log out the user. From that page you could redirect to the main page using the header Location.

    2) I would not recommend to store the login and password in the session variables after the successful authentication. Usually they are not necessary any more after the authentication is passed. Also at some servers sessions could be badly configured so it could be possibly not really safe.

    You could simply store some flag e.g. $_SESSION['login_success'] instead. If this flag is set and e.g. equal to 1, the user is logged in.

    3) Advice given by Kieran491 to use session_regenerate_id() after successful authentication is also very good. It addresses session security (not redirect after 15 min) but the advice is good. Using this function helps to prevent session fixation attacks. Simply run this function after you have checked the user authentication was successful in your script (but before any output is sent by the script to the browser).

    Please ask questions if something is not clear.
    Last edited by SKDevelopment; 02-14-2010 at 08:43 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •