1

Hi guys, how can I destroy a session after some minutes (for example, 30 min)? I would really appreciate it if someone could help me out with this.

Here is the code I'm using for login:

checkLogin:

 <?php
// checkLogin.php

session_start(); // Start a new session
require('db.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['pass'];

// Do some basic sanitizing
$static_salt='asdfasdfqwertyuiop123ABC_some_static_salt_string';
$username = stripslashes($username);
$password = stripslashes($password);
$password=hash('sha512', $password . $static_salt . $username);


$sql = "select * from users where user = '$username' and pass = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
     $count++;
}

if ($count == 1) {
     $_SESSION['loggedIn'] = "true";
     header("Location: index.php"); // This is wherever you want to redirect the user to
} else {
     $_SESSION['loggedIn'] = "false";
     header("Location: deshtoi.php"); // Wherever you want the user to go when they fail the login
}

?>

Login.php

 <div class="login-form">
<form action="checkLogin.php" method="post">
<input class="fusha" placeholder="Llogaria" type="text" name="user">
<input class="fusha" placeholder="Fjalekalimi" type="password" name="pass">
<input class="fusha" style="width:272px;" type="submit" value="Kycu"/>
</form>

index.php

<?php session_start();
if ($_SESSION['loggedIn'] != "true") {
     print('<script>window.location = "login.php"</script>');
}
?>
Tahi
  • You're using a _deprecated_ extension (`mysql_*`), **and** you're vulnerable to injection attacks. Fix those issues first, I'd say – Elias Van Ootegem Aug 07 '14 at 09:42
  • http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – Zyga Aug 07 '14 at 09:45
  • I'm using this locally, there will be no attack acquired, please just tell me guys how to make this happen. @zyga, your link: I already checked all the codes, none works for me – Tahi Aug 07 '14 at 09:46

3 Answers

0

A solution would be to implement a timeout on your own, as described in the following post: https://stackoverflow.com/a/1270960/1688441

See full post for more theoretical details.

if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
    // session started more than 30 minutes ago
    session_regenerate_id(true);    // change session ID for the current session and invalidate old session ID
    $_SESSION['CREATED'] = time();  // update creation time
}

Another variation of the above would be:

if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
    // session started more than 30 minutes ago
    session_destroy();
    die("Your session has expired");
}
Menelaos
  • I made the simplest solution ever myself: I simply redirect after 3 sec, for example, to the logout page, and it ends the session by itself, hehe : – Tahi Aug 07 '14 at 11:14
  • @tahi Well, meta refresh would require the user to keep the same page open for X minutes. Doing it server side guarantees you that the session is dead after X minutes. Unless of course you're more interested in checking for 30 minutes of inactivity before killing the session. – Menelaos Aug 07 '14 at 15:35
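One way to enforce both behaviours discussed above on the server side: the 30 minutes of inactivity Menelaos mentions, plus a hard limit measured from login. This is an added example, not code from any of the posts; it assumes PHP 7.1+, and the file name, the function names, the `LAST_ACTIVITY` key and the 8-hour `ABSOLUTE_LIMIT` are hypothetical.

```php
<?php
// session_guard.php (hypothetical name): include it from the login script and every protected page.
const IDLE_LIMIT     = 1800;  // seconds of inactivity allowed (the 30 minutes asked about)
const ABSOLUTE_LIMIT = 28800; // assumed hard cap on total session age (8 hours)

// Call once from the login script, after the credential check has succeeded.
function mark_login(): void
{
    session_regenerate_id(true); // fresh session ID at login, old one invalidated
    $_SESSION['loggedIn'] = 'true';
    $_SESSION['CREATED'] = $_SESSION['LAST_ACTIVITY'] = time();
}

// Pure policy check, kept separate so it can be tested without a live session.
function session_expired(array $s, int $now): bool
{
    if (!isset($s['CREATED'], $s['LAST_ACTIVITY'])) {
        return true; // no timestamps recorded: treat as expired
    }
    return ($now - $s['LAST_ACTIVITY'] > IDLE_LIMIT)
        || ($now - $s['CREATED'] > ABSOLUTE_LIMIT);
}

// Clear the server-side data and expire the session cookie in the browser.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call as the first statement of every protected page, before any output.
function require_fresh_login(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $now = time();
    if (($_SESSION['loggedIn'] ?? '') !== 'true' || session_expired($_SESSION, $now)) {
        end_session();
        header('Location: ' . $loginUrl);
        exit; // stop here so the protected page is never rendered
    }
    $_SESSION['LAST_ACTIVITY'] = $now; // sliding window: each request resets the idle clock
}
```

Call `mark_login()` in checkLogin.php at the point where `$_SESSION['loggedIn']` is set, and `require_fresh_login()` at the top of index.php in place of the JavaScript redirect, which still lets the rest of the page be sent to the browser.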
0

You can decide the timeout with a function. Then set a session variable called 'timeout' in the session. Now put a condition on the timeout. If it is satisfied, it will destroy your session. Check out the code below.

if (!isset($_SESSION['timeout'])) {
    // time() returns the current Unix timestamp in seconds
    $_SESSION['timeout'] = time();
} else if (time() - $_SESSION['timeout'] > 1800) {
    // session was started more than 30 minutes ago
    session_destroy();
    // session expired message
    die("Session Expired!!! Please login again to continue");
}
Pt. Raman Sharma
0

This is very simple code. The first block checks whether the user is logged in and, if so, sets two session variables. The first is named message and holds a message; the other is named timeout and stores the current time in seconds.

if($login == true)
{
    $_SESSION['message']="Login successfully";
    $_SESSION['timeout'] = time();
}

After printing the session, you have to write the following code. This code checks whether the session is available; if it is, it checks whether the difference between the current time and the session creation time is more than 10 seconds, and if yes, it unsets the session.

if (isset($_SESSION['message']))
{
    if (time() - $_SESSION['timeout'] > 10) {
        unset($_SESSION['message']);
    }
}
Sumit Kumar Gupta