session id's

darkvirus

I have sessions and a login script but i want to put the sessions id along with a few other details but i cant work out how to echo the session id to put it in the table. also i want to delete sessions that are more than 5 minutes old, where abouts would i put the script to do this. The code i have so far is below

<?php
session_start();
if(!isset($_SESSION['logged_in'])){
if ((!isset ($usernick) ) || ($usernick == 'Anonymous')){

$login_info = "<form action='$PHP_SELF' method='post' STYLE='margin-bottom: 0px'>

<span class='smalltext'>Username:</span><br>
<input name='usernick' type='text' value='Anonymous' size='15'><br>
<span class='smalltext'>Password:</span><br>
<input type='password'  name='password' size='15'><br>
<input type='checkbox' value='1' name='rememberme'><span class='smalltext'>Remember me</span><br>
<input type='submit' value='Login'></form>

<a href=#><span class='smalltext'>Forgot Password</span></a><br>
<a href=#><span class='smalltext'>Create Account</span></a>";

} else {
$result = mysql_query("SELECT userID, username, password FROM users WHERE username='$usernick'") or die ("Invalid query");
if (mysql_num_rows($result) == 0){

$login_info = "Error: Incorrect username or password<br>
<a href='$PHP_SELF'>Try again</a>";

} else {
$select = mysql_fetch_array($result);
if (md5($password) != $select['password']) {
$login_info = "Error: Incorrect username or password <br>
<a href='$PHP_SELF'>Try again</a>";
} else {
$_SESSION['logged_in'] = "$userID";

$login_info = "Done";

}}}} else {

$login_info = "Logged in";

}
?>

Norman

Darkvirus,

As far as getting the session id is concerned, as long as you have started the session (with session start) you can use:

 session_id();

This will return a string version of the ID.

As far as the timeout .. you will have to roll your own as far as I know.. as i'm doing this right now.. but am having some problems with the Session Vars getting dropped for some reason..

Basically you should add a field in your sesssion called : time or some such, put the current time + timeout (in seconds) in there. this will be the Unix Timestamp where it will expire.

Then when you are doing session checking (for vars) check if the time now (function: time()) is the same as your timeout time in the session vars.

Make sense?

If not, let me know.

darkvirus

ahh, thanx for that, ive been trying $session_id() and getting no where.

as far the other question, im wanting just to delete the session id and row from the database, i can make the code for this, im just not sure where abouts to put it in my script. Its so i can just do a users active in the last 5 minutes on my site

m_tt

For the timeout thing, one option would be to store the session id, and the timeout timestamp in the database.

Example:

$session_Delete = time() + (5 * 60);

The session_Delete variable will be a timestamp that is 5 minutes from the current server time.

Store the session_Delete and the session_id in a table. Next setup a script that will run on a cronjob (every 1 minutes is what I use) that will delete any rows with a timestamp less than the current time.

Example:

$curTime = time();
mysql_query("DELETE FROM sessions WHERE Deactivate < '" . $curTime . "'")or die(mysql_error());

Then on the pages you will do a check against the sessions table to see if the session_id is still in there. If it's not, you clear the session and redirect the user to the login screen.

This is the method I have used before and it works just fine, it may not be for you tho : )

Norman

I'm guessing that's a personal preference..

Personally I do all my "Session Expiriation" at the top of the script, just after teh session start..

That way, when it updates the "time", I will have a few extra seconds.

But like I said, personal preference.