Destroy Session

Joined
Dec 15, 2009
Messages
1,387
Reaction score
236
Basically, I did some research before I posted this thread.


Well, I dun quite get what the guy is trying to explain...

This is the code provided by the guy who answered him/her.
PHP:
if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 10) {
    // session started more than 10 seconds ago
    session_regenerate_id(true);    // change session ID for the current session and invalidate old session ID
    $_SESSION['CREATED'] = time();  // update creation time
}

I want the 10 seconds to work like a countdown timer that is not affected even when the page is refreshed.

Do I have to paste the code on every single page that requires Session?
How can I prevent the 10 seconds from reverting every time the entire page is refreshed?
 
Joined
Oct 31, 2005
Messages
3,112
Reaction score
1,539
Well, I don't know either, higher level PHP seems Chinese to me, but I know this should work:

1. Set session variable with future time (example below is 10 minutes)
PHP:
<?php $_SESSION['expire'] = time() + (60 * 10); ?>

2. Check the session variable is not expired
PHP:
<?php
    if(isset($_SESSION['expire'])
    && $_SESSION['expire'] > time()){
        //do stuff
    }
    else{
        //destroy session or logout etc...
    }
?>

This seems more understandable by noobs ... like us.

Anyways hope some genius around here can give you a better answer.
 
Joined
Dec 15, 2009
Messages
1,387
Reaction score
236
I want to prevent the time from reverting and recounting from the beginning when a refresh is made.
 
Elite Diviner
Joined
May 30, 2011
Messages
443
Reaction score
95
PHP:
<?php

// Re-send the session cookie so that it expires $timeout seconds from now.
function updateSessionLifetime($timeout) {
    if (isset($_SESSION)) {
        setcookie(session_name(), session_id(), time() + $timeout);
    }
}
?>
 
Joined
May 17, 2007
Messages
2,474
Reaction score
681
I want to prevent the time from reverting and recounting from the beginning when a refresh is made.

Check if the session variable previously exists, and if it does, that means the user has visited the site previously so you can handle specific cases using that information:

PHP:
// assumes $_SESSION['expired'] holds the expiry timestamp
if (isset($_SESSION['expired'])) {
    if ($_SESSION['expired'] < time()) {
        // session exists but has expired
    } else {
        // session exists and has not expired
    }
} else {
    // session does not exist, so we should create it here...
}

And yes, it has to be included in every page that requires such functionality. The session does transfer between pages, but you need to still call 'session_start()' function etc. My suggestion would be to create this feature as a function, include it inside a common PHP file, such as 'global.php' or 'common.php' and call that function before any other logic in your scripts.
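One way to write the shared function suggested above, as an added example that is not code from any poster in this thread. The file name `common.php`, the function names, the session keys and the two limits are assumptions chosen for illustration; the point is that the creation timestamp is written once and never refreshed, so reloading the page cannot restart the countdown.

```php
<?php
// common.php (hypothetical name): include this before any other logic.
// The limits and key names below are illustrative assumptions.
const ABSOLUTE_LIFETIME = 1800; // total seconds a session may live
const IDLE_TIMEOUT      = 600;  // seconds allowed between two requests

// Wipe the session data, expire the cookie and destroy the server-side record.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Returns true while the session is valid, false if it was just ended.
function enforce_session_timeout(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $now = time();

    if (!isset($_SESSION['created'])) {
        // First request only: later refreshes never overwrite 'created'.
        $_SESSION['created']   = $now;
        $_SESSION['last_seen'] = $now;
        return true;
    }

    $tooOld  = $now - $_SESSION['created']   > ABSOLUTE_LIFETIME;
    $tooIdle = $now - $_SESSION['last_seen'] > IDLE_TIMEOUT;
    if ($tooOld || $tooIdle) {
        end_session();
        return false;
    }

    $_SESSION['last_seen'] = $now; // only the idle clock moves on refresh
    return true;
}
```

Both timestamps live in server-side session data, so clearing or editing the cookie on the client cannot extend either limit; it can only drop the session.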
 
Joined
Dec 15, 2009
Messages
1,387
Reaction score
236
wait I think I got it.

PHP:
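session_start();

if (isset($_SESSION['expired'])) {
    // 'expired' holds the time the timer was started
    if (time() - $_SESSION['expired'] > 5) {
        echo 'expired';
        // session_unset() takes no arguments; remove the single key with unset()
        unset($_SESSION['expired']);
    }
} else {
    $_SESSION['expired'] = time();
}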
yay it works! :)

Thanks guys >< I know I'm dumb..
 
Elite Diviner
Joined
May 30, 2011
Messages
443
Reaction score
95
I'm not sure why everyone is this set on doing it on the server side by checking the time every time someone visits a page. Cookies were invented for a reason.
 
Joined
Dec 15, 2009
Messages
1,387
Reaction score
236
I'm not sure why everyone is this set on doing it on the server side by checking the time every time someone visits a page. Cookies were invented for a reason.
nah, I no wants cookies for some reason.
User can simply flush it away and the security cover will be blown.

==================
Okay, since SESSION is stored on server side.
Since I'm not allowing the users to destroy the SESSION themselves, how may I push a script to destroy all user sessions myself?
 
Elite Diviner
Joined
May 30, 2011
Messages
443
Reaction score
95
nah, I no wants cookies for some reason.
User can simply flush it away and the security cover will be blown.

You're managing a session timeout... not writing a key exchange algorithm. Why would it matter what the user does to their session cookie?

NubPro said:
Okay, since SESSION is stored on server side.
Since I'm not allowing the users to destroy the SESSION themselves, how may I push a script to destroy all user sessions myself?

Users can destroy sessions whenever they want, regardless of what you do on the server side. In PHP, there's no way to destroy all sessions (except maybe through SessionHandler::gc() or by extending SessionHandler.) Here's one resource on custom session handling: . I'd start there if you're really insistent on controlling sessions on the server side.
 
Joined
Dec 15, 2009
Messages
1,387
Reaction score
236
how say?
 
Newbie Spellweaver
Joined
Dec 6, 2011
Messages
11
Reaction score
8
Use database session handling.
Yes, exactly. Store a session hash in a cookie for the authorised user and insert a row into the db containing the user id, IP and browser. Then on each refresh, look up the existing hash, IP and browser session in the db, and if they match up, let the user browse. When you purge the sessions from the db, on the next refresh the logged-in user gets logged out and destroyed from cookies or whatever.
 
Ginger by design.
Loyal Member
Joined
Feb 15, 2007
Messages
2,340
Reaction score
653
You should display an error if cookies aren't enabled as there's not really a reliable way to do this with cookies disabled (that isn't intrusive).
 
Custom Title Activated
Loyal Member
Joined
Mar 26, 2012
Messages
1,465
Reaction score
130
I had way too many problems trying to destroy my sessions in PHP, but this is the code that I finally went with that works for me.

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
header('location:index.php');
?>

That is my logout.php file. If it works for you please let me know. Good luck.
 