How do I prevent an auto logout session in php?

Question

I just dont want any user will logout from website after once they will login ( now i am facing some problem that user will logout after sometime )

here is my code (login.php)

if(isset($_POST['login'])){

$user_name = mysql_real_escape_string($_POST['user_name']);
$user_pass = mysql_real_escape_string($_POST['user_pass']);

$user_pass = md5($user_pass);

$admin_query = "select * from admin_login where user_name='$user_name' AND user_pass='$user_pass'";

$run = mysql_query($admin_query); 

if(mysql_num_rows($run)>0){

$_SESSION['time_user_name']=$user_name;


echo "<script>window.open('index.php','_self')</script>";
}
else {

echo "<script>alert('User name or password is incorrect')</script>";

}

}

header.php

session_start();
if(!isset($_SESSION['time_user_name'])){
header("location: login.php");
 }else {

 include_once('connect.php');
 include_once('function.php');

 $user_real_name = $_SESSION['time_user_name'];

 $sql = "select * from admin_login Where user_name = '$user_real_name'"; 

 $result = mysqli_query($con, $sql);

 while($row = mysqli_fetch_assoc($result)) { 

 $user_real_id =  $row["user_id"];
 $user_real_email =  $row["email"];
 $role =  $row["role"];


 }

I am not getting where to set a time and prevent the logout , any clue

Possible duplicate of [Extending session timeout in PHP via the .htaccess](https://stackoverflow.com/questions/514155/extending-session-timeout-in-php-via-the-htaccess) — JIJOMON K.A, Nov 13 '18 at 06:41
Do not use MD5 for passwords. That's no better than storing them in plaintext. Use [password_hash](http://php.net/manual/en/function.password-hash.php) and [password_verify](http://php.net/manual/en/function.password-verify.php) instead. — Peter, Nov 13 '18 at 06:42
Set encoded values in cookies and use it when there is no session value — ManiMuthuPandi, Nov 13 '18 at 06:42
Possible duplicate of [How can I make a php session to never expire (in the conf file, no code)](https://stackoverflow.com/questions/37355160/how-can-i-make-a-php-session-to-never-expire-in-the-conf-file-no-code) — User123456, Nov 13 '18 at 07:09

score 0 · Answer 1 · answered Nov 13 '18 at 06:41

0

You can set the expiration time to very big value:

//set cookie lifetime for 100 days (60sec * 60mins * 24hours * 100days)
ini_set('session.cookie_lifetime', 60 * 60 * 24 * 100);
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 100);
//maybe you want to precise the save path as well
ini_set('session.save_path', '/home/yoursite/sessions');
//then start the session
session_start();

answered Nov 13 '18 at 06:41

Payam Khaninejad

7,692
6
45
55

i will try this and update you , i have confussion in setting path – mani Nov 13 '18 at 06:55
Set it to your server root path – Payam Khaninejad Nov 13 '18 at 06:58
Do *not* store sessions within the webroot. They obviously contain sensitive data and must not be made public. – Peter Nov 13 '18 at 07:04
1

Then save it on /tmp or the place which users dosen't have direct access – Payam Khaninejad Nov 13 '18 at 07:10
ok , but still i have problem with path , without session.save_path will it works ? – mani Nov 13 '18 at 07:21
Yes, you have a default path on php.ini – Payam Khaninejad Nov 13 '18 at 07:26
ok thank you , i have added session.cookie_lifetime and session.gc_maxlifetime , i checked in phpinfo() its showing session.gc_maxlifetim is -1440 – mani Nov 13 '18 at 07:32

score 0 · Answer 2 · answered Nov 13 '18 at 06:52

0

Alternatively you can use meta tag with very long duration (like 10000 seconds) for content attribute as below:

<meta http-equiv="refresh" content="10000;url=logout.php"/>

answered Nov 13 '18 at 06:52

Sreekandan K

1

in header file ? – mani Nov 13 '18 at 06:55
2

This is not a solution, it will refresh the page at the given interval – ManiMuthuPandi Nov 13 '18 at 07:24

How do I prevent an auto logout session in php?

2 Answers2