That's exactly what I ended up doing! For the benefit of others, I'll explain what I have done. I shall leave out the forms, db scripts etc.:
1) When a user logs in, a 32-character session identifier is generated ($session) and a timestamp is created to set the timeout ($to). These can then be passed on to the site's pages through a header etc.
--------------------------------------------
function sessionID($length=32) {
    $pool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $pool .= "abcdefghijklmnopqrstuvwxyz";
    $lastchar = strlen($pool) - 1; // index of the last character in the pool
    $sid = ""; // start from an empty ID
    for($i = 0; $i < $length; $i++) {
        $sid .= $pool[mt_rand(0, $lastchar)]; // append one random letter
    }
    return ($sid);
}
mt_srand(time());
$to = time();
$session = sessionID(32);
2) I then created a function to verify the session ID. This is used by other functions in this system.
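function isID($sID) {
    // eregi() was removed in PHP 7; preg_match() with /i keeps the case-insensitive match.
    // Anchored at both ends so only a string of exactly 32 letters passes.
    if(!(is_string($sID) && preg_match('/\A[a-z]{32}\z/i', $sID) === 1)) {
        return false;
    }
    return true;
}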
3) I created a function to print links. If the session ID is valid then the session ID and timestamp are added to the link along with any other variables, which may need to be passed from page to page.
When this function is called the first three arguments that are passed are the link's URL, target and class. Any following arguments are added onto the link in the form of variables, i.e. &var=$var.
function varLink() {
    global $session,$to;
    // the first three arguments are fixed: URL, target and CSS class
    $url = func_get_arg(0);
    $target = func_get_arg(1);
    $class = func_get_arg(2);
    if(isID($session)) {
        print("<a href=\"$url?session=$session&to=$to&");// add session vars
    }
    else {
        print("<a href=\"$url?");
    }
    for($i = 3; $i < func_num_args(); $i++) {// add any url vars
        print("" . func_get_arg($i) . "&");
    }
    // close the href attribute and finish the opening tag
    print("\" target=\"$target\" class=\"$class\">");
}
I also created a similar function for form URLs etc.
4) Now that I have the session vars being passed through the site, all that is needed is a function to expire the session if it is inactive for a while. I felt that 15 mins is sufficient so I set the time out to 900. The function is called at the top of every page and either unsets the session vars or refreshes the timestamp depending on the amount of time since the last page load.
function setTo($session, $to) {
    $newTo = time();
    if(900 < ($newTo - $to)) {// if longer than 15 mins expire session
        // unset() on the parameters only affects local copies, so return
        // nulls explicitly; the caller's list() then clears both vars
        return(array(null, null));
    }
    else {
        $to = $newTo;// if less than 15 mins activity update session time stamp
        return(array($session, $to));
    }
}
Below is the code that is placed at the top of every page, which calls the function to set the timeout.
if(isset($session) && isset($to)) {
    list($session, $to) = setTo($session,$to);
}
So now whenever a person has not loaded a page for more than 15 mins the setTo function unsets the session vars. This in turn causes the varLink function to print a link without the session vars. In effect this expires the session. But if a page is loaded inside the 15 mins time then the setTo function sets $to with the current timestamp and varLink then prints the session vars therefore sustaining the session for another 15 mins.
And that's my DIY session system.
Hope this is useful!
P.S. This example code was rushed so it may not work correctly as-is. But I have used this system and it works :=)
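
As an added example, not part of the original post: a variant of steps 1, 2 and 4 that draws the ID from PHP's CSPRNG (random_int), anchors the format check, and signs the ID and timestamp with an HMAC so that a timestamp carried in the URL cannot be changed on the client side. SECRET_KEY, TIMEOUT and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. All names below are hypothetical.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder value
const TIMEOUT = 900; // 15 minutes, as in the post

// 32 letters from the same A-Za-z pool, drawn from the OS CSPRNG
// instead of mt_rand() seeded with the login time.
function newSessionId(int $length = 32): string {
    $pool = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $sid = '';
    for ($i = 0; $i < $length; $i++) {
        $sid .= $pool[random_int(0, strlen($pool) - 1)];
    }
    return $sid;
}

// Anchored at both ends: exactly 32 letters, nothing before or after.
function isValidId(string $sid): bool {
    return preg_match('/\A[A-Za-z]{32}\z/', $sid) === 1;
}

// Bind the ID and the timestamp together so neither can be changed alone.
function signToken(string $sid, int $to): string {
    return hash_hmac('sha256', $sid . '|' . $to, SECRET_KEY);
}

// Returns a refreshed [session, to, sig] triple, or null when the values
// are malformed, the signature does not match, or the session has timed out.
function checkToken(string $sid, string $to, string $sig, ?int $now = null): ?array {
    $now = $now ?? time();
    if (!isValidId($sid) || !ctype_digit($to)) return null;
    if (!hash_equals(signToken($sid, (int)$to), $sig)) return null;
    if ($now - (int)$to > TIMEOUT) return null;
    return [$sid, $now, signToken($sid, $now)];
}

// Constructed demonstration values (fixed clock so the run is repeatable).
$sid = newSessionId();
$t0  = 1700000000;
$sig = signToken($sid, $t0);
var_dump(checkToken($sid, (string)$t0, $sig, $t0 + 60));          // page load inside the timeout
var_dump(checkToken($sid, (string)$t0, $sig, $t0 + 901));         // page load after the timeout
var_dump(checkToken($sid, (string)($t0 + 900), $sig, $t0 + 901)); // timestamp changed after signing
var_dump(checkToken('x"' . $sid, (string)$t0, $sig, $t0 + 60));   // ID with extra leading characters
```

The link-printing function would then append session, to and sig together, and the page header would call checkToken() in place of setTo().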