session once again...

axo

hi,
normally i've no probs with sessions... but, everyday there's something new ... 🙂

i have to make some session management:
- user follows some link to a members section -> session gets started with fixed timeout of e.g. 30 minutes.
- it's no problem to kick users after timeout if they reload the page, but in this members section there are also music streams - which means that the user could be 'idle' and still be using the page 😉
- after EXACTLY 30 minutes the user has to be forced to leave the members section.

if i use meta refresh in a hidden frame - is this secure enough? i just think of browsers ignoring this...

a propos: i have full access to the server (unix) and to all config files (.htaccess, httpd.conf, php.ini) ... so if someone knows a better way than php, tell me please 🙂

any ideas?

hopefully ...
thanks 🙂

stolzyboy

i don't see a problem with your meta refresh, most newer browsers will use the meta refresh

the only thing i could see is if you have the interval too small and a lot of users, the overhead could be a problem, but if the timeout is 30 minutes, you shouldn't have to have a small interval

axo

hmmm...
the overhead isn't the great problem, as we use a new server all alone, but...
i've decided to generate the session, load the variables to a flash movie which is a countdown of minutes:seconds and reloads the page if the countdown reaches 00:00 ... in combination with the meta refresh every 1 minute to check the timeout over and over 🙂
i still don't like it, would have been great to use some safer server-side action, but i don't want to use some java applet and it seems to work like that 🙂

thanks a lot! 🙂