Login time out

wendystewart80

Hi there,
I have constructed a login and password system using this tutorial:
http://php.codenewbie.com/articles/php/1482/Login_With_Sessions-Page_1.html
I don't think this code specifies a time out for the login.
How do I only make the login last for 5 minutes?

<? 
// Login & Session example by sde 
// auth.php 

// start session 
session_start(); 

// convert username and password from _POST or _SESSION 
if($_POST){ 
  $_SESSION['username']=$_POST["username"]; 
  $_SESSION['password']=$_POST["password"];   

} 

// query for a user/pass match 
$result=mysql_query("select * from users 
  where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); 

// retrieve number of rows resulted 
$num=mysql_num_rows($result); 

// print login form and exit if failed. 
if($num < 1){ 
  echo "You are not authenticated.  Please login.<br><br> 

  <form method=POST action=index.php> 
  username: <input type=text name=\"username\"> 
  password: <input type=password name=\"password\"> 
  <input type=submit> 
  </form>"; 

  exit; 
} 
?>

Kudose

I think you would need to set a timestamp in the database everytime a page loads and check it against previous timestamps. If the new timestamp is more than 5 minutes old, destroy the session ( [man]session_destroy[/man] ).

But to change the default session life (the time it takes for the server to garbage the session), you would change the php.ini setting for session.gc_maxlifetime to 5 minutes, in seconds.

i.e.

<?php
ini_set("session.gc_maxlifetime", 300);
session_start();

//stuff here
?>

Botkiller

Perhaps this will help you. I never worked with sessions, but after reading about it this is what I came up with :

http://nl3.php.net/manual/en/function.session-cache-expire.php

Let me know if it works 🙂