Destroy Session

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Hello! NubPro is offline
    Alpha MaleRank
    Dec 2009 Join Date
    C:\DesktopLocation
    1,592Posts

    Destroy Session

    Destroy Session
    Basically, I did some research before I post this thread.
    How do I expire a PHP session after 30 minutes? - Stack Overflow

    Well, I dun quite get what the guy is trying to explain...

    This is the code provided by the guy who answered him/her.
    PHP Code:
    if (!isset($_SESSION['CREATED'])) {
        
    $_SESSION['CREATED'] = time();
    } else if (
    time() - $_SESSION['CREATED'] > 10) {
        
    // session started more than 30 minutes ago
        
    session_regenerate_id(true);    // change session ID for the current session an invalidate old session ID
        
    $_SESSION['CREATED'] = time();  // update creation time

    I want the 10 seconds works like a countdown timer and should not be affected even the page is refreshed.

    Do I have to paste the codes on every single page that requires Session?
    How can I prevent the 10 seconds revert every time when the entire page is refreshed?




  2. #2
    Custom title enabled George SS is offline
    LegendRank
    Oct 2005 Join Date
    3,286Posts

    Re: Destroy Session

    Well I don't know either , higher level PHP seems Chinese to me , but I know this should work :

    1. Set session variable with future time (example below is 10 minutes)
    PHP Code:
    <?php $_SESSION['expire'] = time() + (60 10); ?>
    2. Check the session variable is not expired
    PHP Code:
    <?php
        
    if(isset($_SESSION['expire'])
        && 
    $_SESSION['expire'] > time()){
            
    //do stuff
        
    }
        else{
            
    //destroy session or logout etc...
        
    }
    ?>
    This seems more understandeable by noobs ... like us.

    Anyways hope some genius around here can give you a better answer.
    Signature removed

    Signature rules violation.

  3. #3
    Hello! NubPro is offline
    Alpha MaleRank
    Dec 2009 Join Date
    C:\DesktopLocation
    1,592Posts

    Re: Destroy Session

    Quote Originally Posted by Mucski View Post
    Well I don't know either , higher level PHP seems Chinese to me , but I know this should work :

    1. Set session variable with future time (example below is 10 minutes)
    PHP Code:
    <?php $_SESSION['expire'] = time() + (60 10); ?>
    2. Check the session variable is not expired
    PHP Code:
    <?php
        
    if(isset($_SESSION['expire'])
        && 
    $_SESSION['expire'] > time()){
            
    //do stuff
        
    }
        else{
            
    //destroy session or logout etc...
        
    }
    ?>
    This seems more understandeable by noobs ... like us.

    Anyways hope some genius around here can give you a better answer.
    I want to prevent the time from reverting and recount from the beginning when refresh is been made.



  4. #4
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    445Posts

    Re: Destroy Session

    PHP Code:
    <?php

    function updateSessionLifetime($timeout) {
        if(isset(
    $_SESSION) {
            
    setcookie(session_name(),session_id(),time() + $timeout);
        }
    }
    ?>

  5. #5
    The next don TheAJ is offline
    DeveloperRank
    May 2007 Join Date
    Toronto, CanadaLocation
    3,946Posts

    Re: Destroy Session

    Quote Originally Posted by NubPro View Post
    I want to prevent the time from reverting and recount from the beginning when refresh is been made.
    Check if the session variable previously exists, and if it does, that means the user has visited the site previously so you can handle specific cases using that information:

    PHP Code:
    if (isset($_SESSION['expired'])) {
        if (
    $_SESSION['expired'] > time()) {
            
    // session exists but has expired
        
    } else {
            
    // session exists and has not expired
        
    }
    } else {
        
    // session does not exist, so we should create it here...

    And yes, it has to be included in every page that requires such functionality. The session does transfer between pages, but you need to still call 'session_start()' function etc. My suggestion would be to create this feature as a function, include it inside a common PHP file, such as 'global.php' or 'common.php' and call that function before any other logic in your scripts.

  6. #6
    Hello! NubPro is offline
    Alpha MaleRank
    Dec 2009 Join Date
    C:\DesktopLocation
    1,592Posts

    Re: Destroy Session

    Quote Originally Posted by TheAJ View Post
    Check if the session variable previously exists, and if it does, that means the user has visited the site previously so you can handle specific cases using that information:

    PHP Code:
    if (isset($_SESSION['expired'])) {
        if (
    $_SESSION['expired'] > time()) {
            
    // session exists but has expired
        
    } else {
            
    // session exists and has not expired
        
    }
    } else {
        
    // session does not exist, so we should create it here...

    And yes, it has to be included in every page that requires such functionality. The session does transfer between pages, but you need to still call 'session_start()' function etc. My suggestion would be to create this feature as a function, include it inside a common PHP file, such as 'global.php' or 'common.php' and call that function before any other logic in your scripts.
    wait I think I got it.

    PHP Code:
    session_start(); 

    if (isset(
    $_SESSION['expired'])) {
        if (
    time() - $_SESSION['expired'] > 5) {
            echo 
    'expired';
            
    session_unset('expired');
        }     
    } else {
        
    $_SESSION['expired'] = time();

    yay it works! :)

    Thanks guys >< I know I'm dumb..
    Last edited by NubPro; 01-12-13 at 05:44 AM.



  7. #7
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    445Posts

    Re: Destroy Session

    I'm not sure why everyone is this set on doing it on the server side by checking the time every time someone visits a page. Cookies were invented for a reason.

  8. #8
    Hello! NubPro is offline
    Alpha MaleRank
    Dec 2009 Join Date
    C:\DesktopLocation
    1,592Posts

    Re: Destroy Session

    Quote Originally Posted by AngraMainyu View Post
    I'm not sure why everyone is this set on doing it on the server side by checking the time every time someone visits a page. Cookies were invented for a reason.
    nah, I no wants cookies for some reason.
    User can simply flush it away and security cover will blown up.

    ==================
    Okay, since SESSION is stored on server side.
    Since I'm not allowing the users to destroy the SESSION themselves, how may I push a script to destroy all user session myself?



  9. #9
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    445Posts

    Re: Destroy Session

    Quote Originally Posted by NubPro View Post
    nah, I no wants cookies for some reason.
    User can simply flush it away and security cover will blown up.
    You're managing a session timeout... not writing a key exchange algorithm. Why would it matter what the user does to their session cookie?

    Quote Originally Posted by NubPro
    Okay, since SESSION is stored on server side.
    Since I'm not allowing the users to destroy the SESSION themselves, how may I push a script to destroy all user session myself?
    Users can destroy sessions whenever they want, regardless of what you do on the server side. In PHP, there's no way to destroy all sessions (except maybe through SessionHandler::gc() or by extending SessionHandler.) Here's one resource on custom session handling: http://us3.php.net/session.customhandler . I'd start there if you're really insistent on controlling sessions on the server side.
    Last edited by AngraMainyu; 01-12-13 at 06:59 AM.

  10. #10
    Hello! NubPro is offline
    Alpha MaleRank
    Dec 2009 Join Date
    C:\DesktopLocation
    1,592Posts

    Re: Destroy Session

    Quote Originally Posted by AngraMainyu View Post
    You're managing a session timeout... not writing a key exchange algorithm. Why would it matter what the user does to their session cookie?



    Users can destroy sessions whenever they want, regardless of what you do on the server side. In PHP, there's no way to destroy all sessions (except maybe through SessionHandler::gc() or by extending SessionHandler.) Here's one resource on custom session handling: PHP: Custom Session Handlers - Manual . I'd start there if you're really insistent on controlling sessions on the server side.
    how say?



  11. #11
    Omega Ron is offline
    The OmegaRank
    Apr 2005 Join Date
    Location
    8,990Posts

    Re: Destroy Session

    Use database session handling.

  12. #12
    Account Upgraded | Title Enabled! AngraMainyu is offline
    True MemberRank
    May 2011 Join Date
    445Posts

    Re: Destroy Session

    Quote Originally Posted by NubPro View Post
    how say?
    Clear cookies.

  13. #13
    Programmer TimeBomb is online now
    ModeratorRank
    May 2008 Join Date
    United StatesLocation
    1,250Posts

    Re: Destroy Session

    This will explain to you how to get started with custom session handling, e.g. saving sessions to a database.

    If I recall correctly, you should be able to do what you're asking just by modifying a certain session configuration option. Specifically, check out session.gc-maxlifetime. Cheers!
    Hi

  14. #14
    Registered bialy90722 is offline
    MemberRank
    Dec 2011 Join Date
    11Posts

    Re: Destroy Session

    Quote Originally Posted by Ron View Post
    Use database session handling.
    Yes exactly. Store a session hash in cookie on authorised user and insert a row to db containing a user id ip and browset. Then on each refresh checkup a existing hash ip and browser session in db and if match up. Then let the user browse. When you purge the db with sessions on next logged user refresh he gets logged out and destroyed from cookies or whatever.
    Last edited by bialy90722; 30-12-13 at 04:55 AM.

  15. #15
    Ginger by design. jMerliN is offline
    DeveloperRank
    Feb 2007 Join Date
    2,497Posts

    Re: Destroy Session

    You should display an error if cookies aren't enabled as there's not really a reliable way to do this with cookies disabled (that isn't intrusive).



Page 1 of 2 12 LastLast

Advertisement