php-windows Digest 23 Mar 2012 14:25:14 -0000 Issue 4016
Topics (messages 30815 through 30815):
Session Timeout and forwarding the user to the page he was on.
30815 by: Vinay Kannan
Administrivia:
To subscribe to the digest, e-mail:
php-windows-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-windows-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-wind...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hi,
I have a small code for auto session time out, which logs out a user upon a
session timeout, i want to get him back to the page he was on, before the
session time out..
<?php
ob_start();
session_start();
if(!isset($_SESSION['username']))
{
header("Location:index.php");
}
$vinkuser=$_SESSION['username'];
//echo $vinkuser;
//echo $_SERVER['start']; // set timeout period in seconds
$inactive = 100; // check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) )
{
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{
$go=$_SERVER['HTTP_REFERER'];
session_destroy();
header("Location:index.php?go=$go");
}
}
$_SESSION['timeout'] = time();
?>
But once the user is logged out by script after inactivity, he has to login
and then he goes back to the home page, i want to send the user back to the
page he was last accessing from which he got logged out.
I tried to use a $go variable and then from login page, send him to that
page, but now i am thinking this might not be a secure way of doing it,
since someone could just replace the location url and gain access to the
username and pswd?
Thanks,
Vinay
--- End Message ---
