How to check session timeout?

itsource · December 3, 2002, 7:00am

If user already login and go to member section. If he leave computer for long time without logout.

If he click any link in member section again. I want to display message to tell him that session timeout. you must login again

How can I check?

KillaByte · December 3, 2002, 7:33am

Create a timestamp when the user enters the section. when he re-enters generate another one and compare it to the old one. If the difference is greater than a given value, destroy the session and throw him back to the login screen.

itsource · December 3, 2002, 7:48am

Thanks, Is php has any function to check it ?

KillaByte · December 3, 2002, 8:55am

The time() function returns the actual time in seconds.

itsource · December 3, 2002, 9:00am

I mean function about session to check directly because I use JSP before and jsp has method to check if current session is new session or old session.

Helge · December 3, 2002, 9:20am

you could try this code (I’ve not tested it). Put it at the top of your scripts.

if (!empty($_SESSION['enterTime'])) {
    $timeDiffernce = time() - $_SESSION['enterTime'];
    if ($timeDiffernce > 3600) { // exprie after one hour (3600 seconds)
        // unset session
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        unset($_SESSION['enterTime']);

        // get login form

    } else {
        // Reset to current time.
        $_SESSION['enterTime'] = time();
    }
} else {
    $_SESSION['enterTime'] = time();
}

-Helge

itsource · December 6, 2002, 3:57am

I put this code at the top of every script

session_start();
        if(!session_is_registered("user"))
        {
                print "<script language='Javascript'>";
                print "window.location.replace('../membersignup/loginmail.php');";
                print "</script>";
                exit;
        }

When user login I register username as session variable, so every page I check this variable. if session timeout (26 minute). I use code to redirect to loginmail.php again.

This code should work. But the problem is I login and leave my computer more than 1 day.

When i click link again, it should redirect in to loginmail.php but session still valid so I still can surf member section. I don’t know why session not timeout ?

KillaByte · December 6, 2002, 7:24am

What’s your ‘register_globals’ setting?
If it’s set to off (as in more recent versions of PHP) you should not use session_register() anymore but instead use the $_SESSION array directly.

Do you destroy the session when a timeout occurs or just remove the ‘user’ variable from it?

The code that checks if a timeout has occured must be placed on top of every page you want to protect, too (with an include for example).

itsource · December 6, 2002, 8:15am

What’s your ‘register_globals’ setting?
If it’s set to off (as in more recent versions of PHP) you should not use session_register() anymore but instead use the $_SESSION array directly.

I use PHP 4.2.2 and set to off. but session_register() still work correctly.

Do you destroy the session when a timeout occurs or just remove the ‘user’ variable from it?

No, Doesn’t it automatic destroy when timeout?