Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
<?php
session_start(); // start up your PHP session!
if ($_SESSION[LoggedIn] != "True")
{
header("location:LoginPage.php");
exit;
}
?>
define('TIMEOUT', 60 * 60); // timeout of one hour
if ($_SESSION[LoggedIn] != "True" || $_SESSION['lastVisit'] + TIMEOUT < time())
{
$_SESSION = array();
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
session_destroy();
header("location:LoginPage.php");
exit;
} else {
$_SESSION['lastVisit'] = time();
}
I would say, that is not just good practice, it is mandatory. Otherwise the document will be generated and delivered. And with the help of NoRedirect the visitor will just continue to enjoy the navigation.jpadie said:it is good practice to issue an express exit or die command after header redirection.
That sounds stupid. Why would you do that ? Why would that be useful for anybody ? The only logic reason I see is a public information terminal.Hozzer said:If for instance there is no user activity for 10 minutes then I assume the user has walked away from the terminal itself, I'd then like to redirect back to the home page of the app.
[b]<meta[/b] [maroon]http-equiv[/maroon][teal]=[/teal][green][i]"refresh"[/i][/green] [maroon]content[/maroon][teal]=[/teal][green][i]"600; url=http://example.com/"[/i][/green][b]>[/b]
Krappeleby said:yes. however i am not using cookies on this site, so just the session destroy is adequate. no need to make additional server load.
Krappleby said:sorry. $inactive is set as a session variable, previously its set in seconds.. for the number of seconds that a user is permitted to be inactive before the script redirects them and destroys the session.
krappleby said:the timeout variable, resets to the current time when the page is loaded (note this is also a session variable, and carries through to all the pages. so as a new apge loads, the timout variable becomes the timeout variable of the next page..
$session_life = time() - $timeout;
krappleby said:Code:$session_life IS EQUAL TO current time MINUS time of script execution.
Krappleby said:inactive is set previously. it stays the same all the time.
krappleby said:when a page loads, it checks the time now - the last time timeout was updated, resulting in a number, if that number is greater than 60 or inactive, then the script destroys sessions..
However the CODE THAT YOU POSTED DOES NOT DO THIS.jpadie said:[/code]
$_SESSION['lastVisit'] + TIMEOUT < time()
[/code]
Krappleby said:PS.. i set sessions
via the
session_register() system
session_start(); //if required
$_SESSION['test'] = 'foobar';
not necessarily. there are a number of ways to expire sessions without user interaction. for example you can control the garbage collection probability and the session timeout value. you could also run a database or file system cleanup on each page load, irrelevant of the incoming user. both methods are perfectly normal.bswip said:PHP is server side, so setting a session timeout will only work if the end-user tries to access another page.
bswip said:You still need a mechanism to ensure that if that user starts that browser, or another browser, they cannot access the page.