0

I am using PHP to settle the session timeout...I found a few solutions so i picked the one i understand the most which was:

    $now = time(); // checking the time now when home page starts

    if($now > $_SESSION['expire'])
    {
    session_destroy();
    echo "Your session has expire ! <a href='login.php'>Login Here</a>";
    };

I also added this in my login processor page

$_SESSION['start'] = time(); // taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (30 * 60) ; // ending a session in 30 minutes from the starting time

from How do I expire a PHP session after 30 minutes?

The result was that the message Your session has expire ! <a href='login.php'>Login Here</a> did appear but the page was still in the homepage instead of going back to the login page...I was wondering if by adding header ('Location:login.php'); below the echo line will bring it back to the login page...

How do i change the echo message to pop up message instead together with bring the page back to login.php?

Thanks...I know there are answers online but I want to know where is my mistake so i can learn something here...Teaching and guidance is really appreciated

Community
  • 1
  • 1
Hubert
  • 443
  • 1
  • 8
  • 20
  • You want to show a notification and want a redirect to login.php? This is kind of tricky. If you use the header function then the redirect will be immediately. So the user does not see your echoed text. You can use a JavaScript redirect after a delay of x seconds so the user has time to read the notification and is then redirected to your login.php. If you do so then it would be nice to exit the script after echoing the notification (and the JavaScript) so that the rest of the page is not renderer. Otherwise this could lead to confusion. – TRD Apr 02 '12 at 14:09

1 Answers1

2

You can not echo something and at the same time redirecting to the homepage with a header() call. The header call requires that you DON'T echo anything. Also, popups need you to use some sort of client-side scripting (ECMAScript/JavaScript). Try to output this code on logout instead of your message:

<script>
alert('Your session have expired! Please login again.');
location.href = 'login.php';
</script>

Another solution is to NOT destroy the session entirely. Just unset all variables. Then store an error message in the session and redirect to the login page. Show the error message at the login page. Something like this:

function my_session_destroy() {
  $_SESSION = array();
}

if (/* session expired  ...*/) {
  my_session_destroy();
  $_SESSION['error'] = 'Your session have expired. Please login and try again.';
  header('Location: login.php');
  exit(); //Always call exit() after a header('Location: ...') call!
}

At login.php:

if(isset($_SESSION['error'])) {
  printf('<p class="error">%s</p>', $_SESSION['error']);
  unset($_SESSION['error']);
}
Emil Vikström
  • 90,431
  • 16
  • 141
  • 175
  • This is a good answer, nicely explains the proper way todo it....but you can echo content after setting a redirect call `header( "Refresh:0;url=login.php" );` ;) – Lawrence Cherone Apr 02 '12 at 14:16
  • Lawrence, that message won't be seen, though. Just because you TECHNICALLY can echo content doesn't mean it's the right thing to do (since it won't be seen by the user). – Emil Vikström Apr 02 '12 at 14:18
  • Thanks so much manage to solve problem with your answer..Thanks! – Hubert Apr 02 '12 at 16:45