I handle things in a very basic and easy way. I have a session class which holds all the
information I need to save in a session (user login details, current shopping
list items...) and one of those is the time when the session was created. When
the user moves to the next page one of the functions I call is one that checks
the current time against the saved session time. If the difference between those
is greater than time X I call the logout function and redirect the user to the
login form.
I don't really see a point in checking the login time of the user with some cron
job. If he wants to leave a page open for 2 hours that's fine, he can't do
anything special with it. If he closes the browser the session is destroyed, if
he moves to another page I have the checking routines.
- Jensen
You could save the username as a cookie and set an expiry time, e.g.
setcookie("username", "user", $expiryTime, "/"); // expiry (Unix timestamp) is the third argument, path the fourth
Then for each page they load do a setcookie to keep it refreshed with
the time limit.
Yeah great. Or you do something that's not an enormous security hole,
since cookies can be freely created and edited by the user.
Running PHP scripts without the context of an HTTP request is only
possible by using cronjobs or similar things.
So the only thing you can do is saving timestamps of last activity (NOT
IN COOKIES!) and look every minute or so if there are expired ones.
If you would tell us what you are planning to do, we could tell you why
you don't want to do that.
> he can't do anything special with it. If he closes the browser the
> session is destroyed,
No, it's not. There is no sure way for the server to determine if the
browser is closed. The session will continue to exist until it expires.
Only the browser will forget how to access it.
Easiest way: define a database storage handler for the session (see
http://php.net/session_set_save_handler), use a table with a datetime or
timestamp field (always updated to the current time on save) and a
blob/text field for the session-data. Define a proper function for the
garbage-collector which uses the settings for a session
(session.gc_maxlifetime), and everything will be done automatically.
Getting information about current sessions now becomes a simple query on
the database.
--
Rik Wasmus