I want to expire PHP session after 3 hours of user inactivity. Therefore I am using following code.
ini_set('session.gc_maxlifetime', '10800');
ini_set('session.cookie_lifetime', '10800');
But I can't see it is working as expected. It is expiring the session after 3 hours whether I am actively using the application. I want to achieve this from the application. Not from the php.ini file.
How can I use PHP session to expire and Sign Out the user from the application after 3 hours of user inactivity ?
Thanks in advance
You can do something like that in php:
<?php
session_start();
$duration = (DURATION * 60);
if(isset($_SESSION['started']))
{
$showform = 0;
$time = ($duration - (time() - $_SESSION['started']));
if($time <= 0)
{
unset($_SESSION['count']);
unset($_SESSION['offender']);
$showform == 1;
}
}
else
{
$_SESSION['started'] = time();
}
?>
Set the time duration and unset it after the duration expires. Replace Duration text with minutes count like 3 hours = 180 minutes so put 180 there.
Related
I need to check if a the time between session_start and current time exceeded 10 minutes. I've tried this:
$session_duration_max = 10; // 10 min
$current_time = time();
if ((time() - $_SESSION['session_start']) > $session_duration_max ) {
// session expired
}
// elsewhere I set session
$_SESSION['session_start'] = time();
But I keep getting 0 when I subtract time() - $_SESSION['session_start'])
What am I missing?
time() is measured in seconds. To correctly set the timeout after 10 minutes, you must multiply the timeout duration by 60 seconds.
// Session does not exist
if(!$_SESSION) {
// First Session:
$_SESSION['session_start'] = time();
}
$session_duration_max = (10 * 60); // 10 min
// Check if current time is larger than timeout
if ((time() - $_SESSION['session_start']) > $session_duration_max ) {
// session expired
// delete session and require
}
Above is a better idea of a system that would make sure timeout is honored.
So I have a php session timer that works but somehow gets bugged out after awhile... this is the code and the console log I got. I'm looking for a fix to this problem, or possibly a different set of code to achieve the same timer effect (as I'm not sure if using session is the best method for a timer)
session_start();
function timer($time) {
//Set the countdown to 120 seconds.
$_SESSION['countdown'] = $time*60;
//Store the timestamp of when the countdown began.
$_SESSION['time_started'] = time();
$now = time();
$timeSince = $now - $_SESSION['time_started'];
$remainingSeconds = abs($_SESSION['countdown'] - $timeSince);
$counter = 0;
$minutes = $remainingSeconds/60;
echo "$minutes minutes countdown starts.".PHP_EOL;
while($remainingSeconds >= 1) {
$now = time();
$timeSince = $now - $_SESSION['time_started'];
if (($timeSince-$counter) >= 60) {
$remainingSeconds = abs($_SESSION['countdown'] - $timeSince);
$counter = $timeSince;
$minutes = $remainingSeconds/60;
echo "$minutes minutes has passed.".PHP_EOL;
}
}
if($remainingSeconds < 1){
session_abort();
return true;
}
}
if($this->timer(30)) {
// do whatever
echo "$time has passed";
}
Here's what happens in the console:
30 minutes countdown starts.
29 minutes has passed.
.... (continue as per pattern)
16 minutes has passed.
15 minutes has passed. (problem occurs here)
8.7166666666667 minutes has passed.
7.7166666666667 minutes has passed.
6.7166666666667 minutes has passed.
.... (continue as per pattern)
0.71666666666667 minutes has passed.
0.28333333333333 minutes has passed.
1.2833333333333 minutes has passed.
2.2833333333333 minutes has passed.
.... (continue as per pattern all the way)
Extra notes: The session timer doesn't always recur this same pattern, there have been times when it ran through the entire 30minutes and managed to echo "$time has passed"; while the bug only occured later on
I haven't run your, but just from reading it I think there are a few things very wrong with it.
Sessions. You're not using them right.
Session values should only be set once, meaning before you do $_SESSION['countdown'] = $time*60; and $_SESSION['time_started'] = time();, you should check if they already exist or not, and only assign if nonexistent. Your current code resets the clock every time the page is refreshed, which defeats the purpose of sessions.
abs. I think you're not using them right either.
You shouldn't abs the remaining seconds all the time. $remainingSeconds = abs($_SESSION['countdown'] - $timeSince); should be allowed to go into negative. Negative remaining seconds mean your timeout has expired / you've missed it! Calling abs means you're effectively letting it go forever if you by any chance miss the exact time of your event. This is the answer to your main problem. Fix this and your counter will stop going to zero and back up again.
You're relying on your code correctly checking every single second. But it doesn't.
The nasty decimals you're getting happen when for some reason your code gets delayed and doesn't correctly check the 60th second, which means your division by 60 is not perfectly round and you get 8.7166666 minutes.
If you start by removing the abs calls and generally try to simplify your code a bit, I believe you'll quickly get it to work as intended.
// Edit 1
This is a very naive, but simplified approach to your problem. I left two different outputs in there for you to pick one.
function timer($time) {
echo "$time minutes countdown starts." . PHP_EOL;
// Save the date in future when the timer should stop
$endTime = time() + $time * 60;
// Keeps track of last full minute to simplify logs
$lastFullMinute = $time;
while(true) {
$timeRemaining = $endTime - time();
if ($timeRemaining <= 0) {
// Time remaining is less than zero, which means we've gone beyond the end date.
// End the loop
return;
}
// Round up!
$minutesRemaining = ceil($timeRemaining / 60);
if ($minutesRemaining != $lastFullMinute) {
// Current "minute" is different than the previous one, so display a nice message
// If you want to show how many minutes are remainig, use this:
echo "$minutesRemaining minutes remaining." . PHP_EOL;
// If you want to show how many minutes have passed, you have to take mintutesRemaining away from the original time
$minutesPassed = $time - $minutesRemaining;
echo "$minutesPassed minutes passed." . PHP_EOL;
$lastFullMinute = $minutesRemaining;
}
}
}
The main way for you to improve it further would be to use the sleep function http://php.net/manual/en/function.sleep.php. Currently the while loop will hog all the CPU by constantly checking if the timer happened, so you should sleep for a few seconds inside.
What do you think of this solution? referenced from above
function timer($time) {
echo "$time minutes countdown starts." . PHP_EOL;
// Save the date in future when the timer should stop
$endTime = time() + $time*60;
while(true) {
sleep(20);
$secondsRemaining = $endTime - time();
if ($secondsRemaining <= 0) {
echo 'Finished';
return true;
}
}
}
I currently have a timer set on a session to end in 30 minutes after the session has started.
$now = time();
if($now > $_SESSION['expire']){
session_destroy();
}
And $_SESSION['expire'] is set by this:
$_SESSION['start'] = time(); // taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (30 * 60) ;
I want to place a countdown on the site to see how long is left in the session.
So that it would countdown from 30 mins.
How would I go about doing this?
Regards,
Timmy
We already know that the following code in PHP will log the user out after 5 mins of inactivity.
$timeout = 5*60; // Set timeout minutes
$logout_redirect_url = "index.php"; // Set logout URL
if (isset($_SESSION['start_time'])) {
$elapsed_time = time() - $_SESSION['start_time'];
if ($elapsed_time >= $timeout) {
session_unset();
session_destroy();
header("Location: $logout_redirect_url");
}
}
$_SESSION['start_time'] = time();
I want to implement a modification of the current code and do something like this:
Assume the user logs out when he had 3 minutes left before automatic logout(assuming the time doesn't restart for him after his inactivity for 2 minutes), we keep track of the time he has left by storing it in a DB (MySQL) and later on start reducing from the same 3 minutes after he logs back in. How can i do this?
Track by the time used, not the currentTime/storedTime. Just use those to figure out the time remaining. This is a quick example. There may be some small errors and improvements that can be made. It should be plenty to help you implement a solution.
User visits page:
if (empty($_SESSION['start_time'])) {
$_SESSION['start-time'] = time();
}
$timeLeft = //get time from db
//if there is a value in the db, that is the time left, otherwise, use the max time allowed (new timer)
$timeLeft = (!empty($timeLeft)) ? $timeLeft : $timeAllowed
$timePassed = time() - $_SESSION['start_time'];
if ($timePassed > $timeAllowed) {
//logout
}
Then, when the user leaves:
$timeLeft = $timeAllowed - (time() - $_SESSION['start_time']);
//Store $timeLeft in the database - should be a value like 180 (3 minutes)
HI,
i have code for session time out but i dont know whats the issue its not working someone pls look at this and help me. Here is the code:
$inactive = 10;
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{
session_destroy();
header("Location: logoutpage.php"); }
}
$_SESSION['timeout'] = time();
Thanks.
the time() variable returns the current time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT). Your $inactive variable implies you wish to keep sessions open for 10 minutes, but you might find it more convenient to switch this to seconds to stay consistent with using the time() function.
// set inactive to 10 minutes (in seconds)
$inactive = 600;
if (!empty($_SESSION['timeout'])) {
// set session life to current time minus timeout
$session_life = time() - $_SESSION['timeout'];
// check if your session life is greater than 10 minutes
if ($session_life > $inactive) {
session_destroy();
header("Location: logoutpage.php");
die;
}
}
$_SESSION['timeout'] = time();