Daevid Vincent wrote:
>> -----Original Message-----
>> From: Google Kreme [mailto:[EMAIL PROTECTED]
>
> Is that *really* your name?! :)
>
>> The trouble comes when you
>> need to time-out a session because someone never logged out
>> properly. That can be hairy.
>
> Yeah, it's so hard to do that subtraction...
you can only forcefully log someone out if they actually make
a(nother) request - if they are logged in and then never visit the
site again then you can't actually 'log them out' [at least not using
the info stored in the relevant session file. the best you could do is
run a 'cronjob' that periodically sets 'idle' logged in users as being logged
out.
not that the OP wanted to log the login and the logout of the user -
your code below doesn't cover that.
>
> ------------------------8< snip >8---------------------------
> <?php
> require_once('classes/user.php'); // defines a class that needs to be
> de-serialized in the session.
> session_start(); //this must be called at the top of every page anyways.
> // user.php included above is needed so the session can instantiate the User
> object.
>
> if ( !is_bool($_SESSION['login']) || $_SESSION['login'] != true ) //we
> specifically test 'true' here and boolean.
> {
>
> exit("<SCRIPT>location.href='/index.php?page=".base64_encode($_SERVER['REQUE
> ST_URI'])."';</SCRIPT>");
> }
> else
> {
> SQL_DB ($_SESSION['companydb']); // Connect to their default
> V2_Database
> SQL_QUERY("UPDATE ".$_SESSION['companydb'].".Users SET LastAccessed
> = NOW() WHERE CoreID = '".$_SESSION['coreid']."' LIMIT 1");
>
> if ((!isset($_COOKIE['sid']) && (time() - $_SESSION['last_access']
>> = $_SESSION['login_timeout'])) )
> {
> echo "<script>alert('Your session has been idle for >
> ".$_SESSION['login_timeout']."
> seconds.');location.href='./index.php';</script>";
> require_once("/your/path/htdocs/index.php");
> exit;
> }
>
> $_SESSION['last_access'] = time();
> }
> ?>
>
> And in case you wonder why I store the base64 of the current page, it's so
> that after you authenticate them, you can gracefully pass them on to where
> they were trying to go (if they weren't logged in, or had timed out),
> complete with all $_GET parameters in tact...
>
> if ($_REQUEST['page'])
> header("Location: ".base64_decode($_REQUEST['page']));
> else
> header("Location: some_other_page.php");
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
