Sessions

Anon

Hi,

I am trying to use sessions for a restricted area of a web site. So far I have my users logged in, and the session started using..

session_start();

session_register(username);
session_register(password);

How do I...

Ensure that the session exists on the next page. If it doesn't, I would redirect to login page.
Put a timeout on the session of 600secs so if the user does not so anything fo 10 mins, then clicks a link they are asked to log in again.

theslinky

Hi,

To ensure they are logged in, you'd need to store their session ID right after they log in so that you can compare with that ID everytime they load a new page.

use mysql to store the session ID and have a field indicating they are logged in and what username they are logged in as.

in you PHP, after you call session_start, compare the session_id() with the one in the database to verify that this session has been logged in. If not, then redirect to the login page.

You can also add a time field in the mysql table and in your SQL query, add something like:

$SQLQuery = "SELECT ... WHERE lastactivity > " . (time() + 600);

Make sure you update the table everytime they go to a page:

$SQLQuery = "UPDATE table SET lastactivity = " . time() . " WHERE session_id = '" . session_id() . "'";

Note: the above codes are just abstract. Create your table and replace the field names with the ones you assigned.

-sridhar

bastien

sessions uses a $PHPSESSID variable

place the sessions_start(); code on every page, it will check to see if the session is started.

if (!$PHPSESSID){
header("Location:http/www.mysite.com/anotherpage.php");
}else{
//more code here
}

hth

bastien

theslinky

You are right in saying: "place the sessions_start(); code on every page, it will check to see if the session is started". BUT: if it is NOT started, it will start a new one. So without tracking and storing the session_id, there is no way you can know whether a new session was started or not.

-sridhar

Anon

I have this code on one of my page but everytime I refresh the page SID changes. Shouldn't it be same or am I doing something wrong ?

session_start();

echo "session id" . SID . "<br>";

$sc = $Session->session_code;

if (!isset($SESSION['sc']))
{
$SESSION['sc'] = $Session->session_code;
}

echo "session code=". $_SESSION['sc'];

crislewis

If you don't really want to track sessions through a db then simply set a session variable to hold the last access time. At the start of each page check this variable. If it is null then you have a new session (or no session at all so remember to check PHPSESSID as well). If it has a value simply check it against the current time to see it you need to log them out.

easy peasey and no DB access needed.

I would only use a db if you need to check users are logged in only once at a time - you need somewhere to store a list of logged on users (or then again you could use a column in your users table to shown if they are logged on or not).

Cheers,

Cris