I have this basic php script, that doesn’t seem to log me out after a certain amount of time, and I also find myself still “logged in” even if I come back to it again after a certain amount of days
if(!array_key_exists("admin_user",$_SESSION)){
header("location: index.php");
exit();
}
This is obviously a big security risk, as I don’t want someone borrowing my computer (as all my other computers are also used for the same purposes i.e. logging into the admin side of my projects
Where is your session destroy?
session_destroy();
No where to be seen apparently, lol
EDIT: I did try it, but doesn’t seem to be working
That’s because the global $_SESSION array will be rebuilt on the next request. You need to unset the session var that you’re using to track the logged in status of the user, eg:
unset($_SESSION['admin_user']);
That’s already being called in a method when the “Logout” button is pressed, it’s not all times when I press that button, especially when in a rush to get offline
You’ll need to set the session lifetime:
ini_set('session.gc_maxlifetime', 1800);
session_set_cookie_params(1800);
This should set the session timeout for 30 minutes. This method should be good enough for what you want, although if you want to guarantee that the session expires on time you’ll need to do some extra work.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.