tags:

views:

1087

answers:

5
A: 

You could use JavaScript to periodically check whether the session has expired and then redirect if it has. The implementation depends on the details of your authentication system, but would basically involve passing the expiration time of the session to the page and then comparing the time of expiration to the current time until the session is expired.

EDIT: Example

I use prototype.js, so if you use some other framework (or just raw JS) you will have to adapt it.

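<input type="hidden" id="expiration" value="<?php echo(time() + SESSION_TTL) ?>" />

<script type="text/javascript">
  // Check once per second whether the session expiry time has passed.
  new PeriodicalExecuter(function(pe) {
    // PHP's time() is in seconds; Date#getTime() is in milliseconds.
    var now = Math.floor(new Date().getTime() / 1000);
    if (now >= parseInt($('expiration').value, 10)) {
      pe.stop();
      window.location = "http://session.expired.com";
    }
  }, 1);
</script>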

Should do something along the lines of what you want.

Ben Hughes
I am very new to JavaScript; can you provide an example, maybe?
Chris B.
A: 

You could use a meta-refresh tag, e.g. to redirect after 10 minutes:

<meta http-equiv="refresh" content="600;url=http://example.com/" />

This isn't a very user friendly way to handle session expiry, particularly for the use case you've highlighted.

A better technique would be to track user activity with JavaScript by picking up keypress and mousemove events. Every minute, if there has been some activity, fire off an XMLHttpRequest to keep the session alive.

Say your sessions expire after 10 minutes, and this JS notices no user activity for that time, it can insert a banner into your page alerting the user that their session has expired and offering ways to re-establish the session etc.

That way, people performing data entry (or whatever the form is for) don't lose their session if they are taking their time, and aren't redirected if they leave their desk for lunch!

Paul Dixon
That is a little too involved for what I am looking for.
Chris B.
But thank you :)
Chris B.
I've edited it to include the simplest possible thing that would work for you :)
Paul Dixon
I am willing to take the challenge, but do you think you can explain your JavaScript-based example some more? Thank you, Paul!
Chris B.
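The activity-tracking approach from the answer above, sketched as an added example that is not part of the original answer or its comments. The `/keepalive` endpoint, the function name `createIdleTracker` and the banner text are assumptions; the 10-minute lifetime and one-minute check come from the answer. The server still has to enforce the expiry itself, since this timer only controls what the page shows.

```javascript
const SESSION_TTL_MS = 10 * 60 * 1000; // sessions expire after 10 minutes
const CHECK_EVERY_MS = 60 * 1000;      // look for activity once a minute
const KEEPALIVE_URL = '/keepalive';    // hypothetical endpoint that touches the session

// Pure state machine, kept free of DOM calls so it can be tested on its own.
function createIdleTracker(ttlMs, startedAt) {
  let lastRenewal = startedAt; // last request assumed to have refreshed the session
  let active = false;          // any keypress/mousemove since the previous tick?
  return {
    recordActivity() { active = true; },
    // Called once per interval; returns what the page should do next.
    tick(now) {
      if (now - lastRenewal >= ttlMs) return 'expired';
      if (active) { active = false; lastRenewal = now; return 'keepalive'; }
      return 'idle';
    },
  };
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  const tracker = createIdleTracker(SESSION_TTL_MS, Date.now());
  ['keypress', 'mousemove'].forEach((ev) =>
    document.addEventListener(ev, () => tracker.recordActivity()));

  const timer = setInterval(() => {
    const action = tracker.tick(Date.now());
    if (action === 'keepalive') {
      // Only sent after real activity, so an abandoned page still times out.
      const xhr = new XMLHttpRequest();
      xhr.open('POST', KEEPALIVE_URL);
      xhr.send();
    } else if (action === 'expired') {
      clearInterval(timer);
      const banner = document.createElement('div');
      banner.textContent = 'Your session has expired. Please log in again.';
      document.body.insertBefore(banner, document.body.firstChild);
    }
  }, CHECK_EVERY_MS);
}
```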
A: 

The PHP function ini_get can be used to read the session lifetime when the page is created.
JavaScript can be used to execute the redirect after the session has expired.

// JavaScript
var logout = function () {
   // redirect code
};
// session.gc_maxlifetime is in seconds; setTimeout expects milliseconds.
setTimeout(logout, <?php echo 1000 * (int)ini_get("session.gc_maxlifetime"); ?>);
Lawrence Barsanti
A: 

I too employ a JavaScript solution. Our login page destroys the session, so we have a timer that resets to zero on each page load. If that timer expires, it redirects to the login page, which destroys the session.

iddqd
A: 

Well, optimally the data the user sent using your form is saved temporarily, the user gets a chance to log in again and then gets redirected to the page he came from, already filled with the old data. Having to type data twice (or having the page itself redirecting after some amount of time if you're in the middle of something) is rather annoying.

If you want to redirect without retaining the entered data on the page, you should at least show the user an indication of how much time he has left until the page expires. Using JavaScript should be a good option for that.

bluebrother