0

I'm making a webapp and using session to keep loged in user data. i I set 2 variables $_SESSION["loged_in"] and $_SESSION["user_id"] to know whether the user is connected or not. but when the session reach it's timeout, the variables still exists which distort my logic. how can i solve that ?

Xsmael
  • 3,624
  • 7
  • 44
  • 60
  • [check this out](http://stackoverflow.com/a/1270960/1978142) could shed some light. – user1978142 Jul 04 '14 at 08:10
  • 1
    You'll need to show more than two variables I would imagine for any real "logic" to iron itself out :) – l'L'l Jul 04 '14 at 08:10
  • You need to store the timeout value in the session. If you don't clear out a session after the value you choose, `session.gc_maxlifetime` will do it for you eventually. – Synchro Jul 04 '14 at 09:16

1 Answers1

1

Are you sure that session has reached it's timeout?

Based on your question, if the session is still exist I think the session has not reached it's timeout. session have a lifetime. session lifetime can you see in a file that name php.ini

In that file you can found how long session lifetime in the value of var session.gc_maxlifetime. You can set/change session lifetime by following the steps in the following link How to change the session timeout in PHP?

====== UPDATE ======

based on your comment, may be you haven't create code to logout the user if they try to load a page when they've been inactive for too long

you must "create code to check session time and create code to logout" in every .php file you have.

if( $_SESSION['last_activity'] < time()-$_SESSION['expire_time'] ) { 
    header('Location: http://yoursite.com/logout.php');
} 
else{ 
    $_SESSION['last_activity'] = time(); //this was the moment of last activity.
}
Community
  • 1
  • 1
newbeProgramer
  • 26
  • 4
  • 1
    please elaborate your answer and give references for the OP to understand – Yaje Jul 04 '14 at 09:07
  • i'm sure because i used `session_cache_expire(1)` and `session_cache_limiter("public")` so that the session will expire after one minute. But evenif you're right and the session does not timeout, why after a certain time of inactivity the session variables doesnt contain what it should? for example i'm using '$_SESSION["user_id"]' to show user related data but it shows me some errors instead, or certain things doesnt appear, but I'm surprised to not be redirected to login page as it should be,sessions are clearly destroyed only when I logout, and the logout link just call `session_destroy()` – Xsmael Jul 04 '14 at 16:09
  • @Xsmael may be you haven't create code to logout the user if they try to load a page when they've been inactive for too long. I have edited my answer – newbeProgramer Jul 05 '14 at 08:45
  • ofcourse I haven't i thought that if the user is inactive till the timeout time. the sessions will be destroyed automatically. that's how Sessions are supposed to work no? am I wrong ? – Xsmael Jul 06 '14 at 14:46
  • @Xsmael you are right.. but ofcourse you must "create code to check session time and create code to logout" in every .php file you have. – newbeProgramer Jul 06 '14 at 21:14
  • @newbeProgramer where do you put the value of `$_SESSION['expire_time']` ? – Xsmael Jul 07 '14 at 16:06