Resetting a session's timeout.

razorsedgeuk

Hi.

I am using PHP 4 sessions.

The pages controlled by the session are for employees to amend their own personal data for the companies personnel system.

When they start editing, I want to be able to "timeout" the page.

I use the Refresh header to do this (i.e. if a page is loaded for more than say 3 minutes, then the logon screen is shown). No problems.

There are several different pages for the user to enter details (personal, banking, etc).

As I jump from page to page, I examine the session. I don't want the session to expire BEFORE 3 minutes. But I also don't want the session to be permanent.

Can I "reset" the session timeout to be 3 minutes when a page is loaded?

Or do sessions get reset each time they start?

[deleted]

Session's lifetime gets reset after each use.
It would be very nasty if you'd give a hard-limit to how long any session can last. What if someone spent all day working with your site? :-)

razorsedgeuk

The area of the site I am developing is for a small set of terminals to the main site for employees to check personal details. Under normal circumstances, these sessions would last a few minutes. The purpose of the expiry is to stop people leaving personal details on the screen, bank details specifically.

If they take too long, then I want to them to have to login again. 3 minutes to check your name and address is plenty.

So.

Each time I load a page in this section of the site, I use ...

session_set_cookie_params(180);
session_start();

This (I think) sets the session cookie to last 3 minutes. I also have a 3 minute refresh on the pages (automatically re-loads the logon page).

As long as the cookie is reset each time a page loads, then I am happy.

The problem is caused when an employee leaves themselves logged in. If someone else comes to the pc, they can start looking at the information about the previous user (bank details, etc).

I think 3 minutes is way long enough.

Is there a way of determining when a cookie is going to expire?

[deleted]

You don't need to set the cookie-timeout every time, PHP takes care of that. through php.ini (if you set it right)

When the cookie times out, the browser erases the cookie, and php will forget about that user's session, and he will have to logon again.
Note: don't put a timeout of 3 minutes on the cookie and put the same 3 minutes on the refresh, they are bound to be off by a few seconds, and the page could refresh before the cookie is erased, thus refreshing the cookie to last another 3 minutes.

A general note: read the manual about cookies and sessions.

razorsedgeuk

I have to say that the CHM manual is fine for a reference guide, but contains nothing of use in terms of ways of working, or examples. Hence, the posting here!

I would also say, that cookies and stuff are not really within the remit of PHP.

[deleted]

I'm not complaining about you posting here, just politly advising you to check the PHP manual becauseit explains cookies and sessions well enough to answer your questions.

About setting cookies and their timeouts:
http://www.php.net/manual/en/function.setcookie.php

Everything you wanted to know about sessions:
http://www.php.net/manual/en/ref.session.php