PHP Session Expire Redirect

Question

Possible Duplicate:
Automatically re-direct a user when session Times out or goes idle…

I have a Log In system and the session expires, but they need to refresh the page to be shown the login in screen again. Instead, my users enter data and hit submit to find out that they have been logged out.

Is there any way to make the page automatically redirect to the log-in page once the session has expired?

Thanks!

EDIT:::

From reviewing the previously asked question found Here I have used the accepted answer for this application. Thank you all for your suggestions.

Answer 1

You could use a meta-refresh tag, e.g. to redirect after 10 minutes:

<meta http-equiv="refresh" content="600;url=http://example.com/" />

This isn't a very user friendly way to handle session expiry, particularly for the use case you've highlighted.

A better technique would be to track user activity with Javascript by picking up keypress and mousemove events. Every minute, if there has been some activity, fire off an XMLHttpRequest to keep the session alive.

Say your sessions expire after 10 minutes, and this JS notices no user activity for that time, it can inside a banner into your page alerting the user that their session has expired and offering ways to re-establish the session etc.

That way, people performing data entry or (whatever the form is for) don't lose their session if they taking their time, and aren't redirected if they leave their desk for lunch!

Answer 2

The PHP function ini_get can be used to read the session lifetime when the page is created.
JavaScript can be used to execute the redirect after the session has expired.

// javascript 
var logout = function () {
   //redirect code
};
setTimeout(logout, <%= 1000 * (int)ini_get("session.gc_maxlifetime") %>);

Answer 3

you could use javascript to periodically check whether the session has expired and then redirect if it has. The implementation depends on the details of your authentication system, but would basically involve passing the expiration time of the session to the page and then comparing time of expiration to the current time until the session is expired.

EDIT: Example

I use prototype.js, so if you use some other framework (or just raw JS) you will have to adapt it.

<input type="hidden" id="expiration" value="<?php echo(time() + SESSION_TTL) ?>" />

<script type="text/javascript">
  new PeriodicalExecuter(function(pe) {
    if(getTime() >= parseInt($('expiration'))) {
      window.location = "http://session.expired.com"
    }
  }
</script>

Should do something along the lines of what you want.

Answer 4

I too employ a Javascript solution. Our login page destroys the session, so we have a timer that resets to zero on each page load. If that timer expires, it redirects to the login page, which destroys the session.

Answer 5

Well, optimally the data the user sent using your form is saved temporarily, the user gets a chance to log in again and then gets redirected to the page he came from, already filled with the old data. Having to type data twice (or having the page itself redirecting after some amount of time if you're in the middle of something) is rather annoying.

If you want to redirect without retaining the entered data on the page you should at least show the user an indication how much time he has left until the page expires. Using JavaScript should be a good option for that.