We already know that the following code in PHP will log the user out after 5 mins of inactivity.
$timeout = 5*60; // Set timeout minutes
$logout_redirect_url = "index.php"; // Set logout URL
if (isset($_SESSION['start_time'])) {
$elapsed_time = time() - $_SESSION['start_time'];
if ($elapsed_time >= $timeout) {
session_unset();
session_destroy();
header("Location: $logout_redirect_url");
}
}
$_SESSION['start_time'] = time();
I want to implement a modification of the current code and do something like this:
Assume the user logs out when he had 3 minutes left before automatic logout(assuming the time doesn't restart for him after his inactivity for 2 minutes), we keep track of the time he has left by storing it in a DB (MySQL) and later on start reducing from the same 3 minutes after he logs back in. How can i do this?
Track by the time used, not the currentTime/storedTime. Just use those to figure out the time remaining. This is a quick example. There may be some small errors and improvements that can be made. It should be plenty to help you implement a solution.
User visits page:
if (empty($_SESSION['start_time'])) {
$_SESSION['start-time'] = time();
}
$timeLeft = //get time from db
//if there is a value in the db, that is the time left, otherwise, use the max time allowed (new timer)
$timeLeft = (!empty($timeLeft)) ? $timeLeft : $timeAllowed
$timePassed = time() - $_SESSION['start_time'];
if ($timePassed > $timeAllowed) {
//logout
}
Then, when the user leaves:
$timeLeft = $timeAllowed - (time() - $_SESSION['start_time']);
//Store $timeLeft in the database - should be a value like 180 (3 minutes)
Related
I need to check if a the time between session_start and current time exceeded 10 minutes. I've tried this:
$session_duration_max = 10; // 10 min
$current_time = time();
if ((time() - $_SESSION['session_start']) > $session_duration_max ) {
// session expired
}
// elsewhere I set session
$_SESSION['session_start'] = time();
But I keep getting 0 when I subtract time() - $_SESSION['session_start'])
What am I missing?
time() is measured in seconds. To correctly set the timeout after 10 minutes, you must multiply the timeout duration by 60 seconds.
// Session does not exist
if(!$_SESSION) {
// First Session:
$_SESSION['session_start'] = time();
}
$session_duration_max = (10 * 60); // 10 min
// Check if current time is larger than timeout
if ((time() - $_SESSION['session_start']) > $session_duration_max ) {
// session expired
// delete session and require
}
Above is a better idea of a system that would make sure timeout is honored.
So I have a php session timer that works but somehow gets bugged out after awhile... this is the code and the console log I got. I'm looking for a fix to this problem, or possibly a different set of code to achieve the same timer effect (as I'm not sure if using session is the best method for a timer)
session_start();
function timer($time) {
//Set the countdown to 120 seconds.
$_SESSION['countdown'] = $time*60;
//Store the timestamp of when the countdown began.
$_SESSION['time_started'] = time();
$now = time();
$timeSince = $now - $_SESSION['time_started'];
$remainingSeconds = abs($_SESSION['countdown'] - $timeSince);
$counter = 0;
$minutes = $remainingSeconds/60;
echo "$minutes minutes countdown starts.".PHP_EOL;
while($remainingSeconds >= 1) {
$now = time();
$timeSince = $now - $_SESSION['time_started'];
if (($timeSince-$counter) >= 60) {
$remainingSeconds = abs($_SESSION['countdown'] - $timeSince);
$counter = $timeSince;
$minutes = $remainingSeconds/60;
echo "$minutes minutes has passed.".PHP_EOL;
}
}
if($remainingSeconds < 1){
session_abort();
return true;
}
}
if($this->timer(30)) {
// do whatever
echo "$time has passed";
}
Here's what happens in the console:
30 minutes countdown starts.
29 minutes has passed.
.... (continue as per pattern)
16 minutes has passed.
15 minutes has passed. (problem occurs here)
8.7166666666667 minutes has passed.
7.7166666666667 minutes has passed.
6.7166666666667 minutes has passed.
.... (continue as per pattern)
0.71666666666667 minutes has passed.
0.28333333333333 minutes has passed.
1.2833333333333 minutes has passed.
2.2833333333333 minutes has passed.
.... (continue as per pattern all the way)
Extra notes: The session timer doesn't always recur this same pattern, there have been times when it ran through the entire 30minutes and managed to echo "$time has passed"; while the bug only occured later on
I haven't run your, but just from reading it I think there are a few things very wrong with it.
Sessions. You're not using them right.
Session values should only be set once, meaning before you do $_SESSION['countdown'] = $time*60; and $_SESSION['time_started'] = time();, you should check if they already exist or not, and only assign if nonexistent. Your current code resets the clock every time the page is refreshed, which defeats the purpose of sessions.
abs. I think you're not using them right either.
You shouldn't abs the remaining seconds all the time. $remainingSeconds = abs($_SESSION['countdown'] - $timeSince); should be allowed to go into negative. Negative remaining seconds mean your timeout has expired / you've missed it! Calling abs means you're effectively letting it go forever if you by any chance miss the exact time of your event. This is the answer to your main problem. Fix this and your counter will stop going to zero and back up again.
You're relying on your code correctly checking every single second. But it doesn't.
The nasty decimals you're getting happen when for some reason your code gets delayed and doesn't correctly check the 60th second, which means your division by 60 is not perfectly round and you get 8.7166666 minutes.
If you start by removing the abs calls and generally try to simplify your code a bit, I believe you'll quickly get it to work as intended.
// Edit 1
This is a very naive, but simplified approach to your problem. I left two different outputs in there for you to pick one.
function timer($time) {
echo "$time minutes countdown starts." . PHP_EOL;
// Save the date in future when the timer should stop
$endTime = time() + $time * 60;
// Keeps track of last full minute to simplify logs
$lastFullMinute = $time;
while(true) {
$timeRemaining = $endTime - time();
if ($timeRemaining <= 0) {
// Time remaining is less than zero, which means we've gone beyond the end date.
// End the loop
return;
}
// Round up!
$minutesRemaining = ceil($timeRemaining / 60);
if ($minutesRemaining != $lastFullMinute) {
// Current "minute" is different than the previous one, so display a nice message
// If you want to show how many minutes are remainig, use this:
echo "$minutesRemaining minutes remaining." . PHP_EOL;
// If you want to show how many minutes have passed, you have to take mintutesRemaining away from the original time
$minutesPassed = $time - $minutesRemaining;
echo "$minutesPassed minutes passed." . PHP_EOL;
$lastFullMinute = $minutesRemaining;
}
}
}
The main way for you to improve it further would be to use the sleep function http://php.net/manual/en/function.sleep.php. Currently the while loop will hog all the CPU by constantly checking if the timer happened, so you should sleep for a few seconds inside.
What do you think of this solution? referenced from above
function timer($time) {
echo "$time minutes countdown starts." . PHP_EOL;
// Save the date in future when the timer should stop
$endTime = time() + $time*60;
while(true) {
sleep(20);
$secondsRemaining = $endTime - time();
if ($secondsRemaining <= 0) {
echo 'Finished';
return true;
}
}
}
I need to build a php session expiry alert / stay logged in prompt for my website.
I have looked at dozens of examples but am confused so back to basics.
Is there a way to display a countdown for the default expiry time?
UPDATE 1
So far - to get a handle on the situation - I have:
echo '<p>This is the $_SESSION[\'expiretime\']: ' . $_SESSION['expiretime'] . '</p>';
echo '<p>This is the time(): ' . time() . '</p>';
$timeleft = time() - $_SESSION['expiretime'];
echo '<p>This is the time() MINUS the $_SESSION[\'expiretime\'] : ' . $timeleft . '</p>';
I'm not certain what the parameter $_SESSION['expiretime'] is but I found it in a thread and it looked interesting. Other than the number of seconds since 1970 I'm not sure what all of this tells me but may be useful for subsequent calcs.
You have to do something like
//Start our session.
session_start();
//Expire the session if user is inactive for 30
//minutes or more.
$expireAfter = 30;
//Check to see if our "last action" session
//variable has been set.
if(isset($_SESSION['last_action'])){
//Figure out how many seconds have passed
//since the user was last active.
$secondsInactive = time() - $_SESSION['last_action'];
//Convert our minutes into seconds.
$expireAfterSeconds = $expireAfter * 60;
//Check to see if they have been inactive for too long.
if($secondsInactive >= $expireAfterSeconds){
//User has been inactive for too long.
//Kill their session.
session_unset();
session_destroy();
} else {
echo("Expire in:");
echo($expireAfterSeconds - $secondsInactive);
}
}
$_SESSION['last_action'] = time();
I want to expire PHP session after 3 hours of user inactivity. Therefore I am using following code.
ini_set('session.gc_maxlifetime', '10800');
ini_set('session.cookie_lifetime', '10800');
But I can't see it is working as expected. It is expiring the session after 3 hours whether I am actively using the application. I want to achieve this from the application. Not from the php.ini file.
How can I use PHP session to expire and Sign Out the user from the application after 3 hours of user inactivity ?
Thanks in advance
You can do something like that in php:
<?php
session_start();
$duration = (DURATION * 60);
if(isset($_SESSION['started']))
{
$showform = 0;
$time = ($duration - (time() - $_SESSION['started']));
if($time <= 0)
{
unset($_SESSION['count']);
unset($_SESSION['offender']);
$showform == 1;
}
}
else
{
$_SESSION['started'] = time();
}
?>
Set the time duration and unset it after the duration expires. Replace Duration text with minutes count like 3 hours = 180 minutes so put 180 there.
I have a time() value saved in a variable like this:
$latest_attempt = 1337980678;
I am trying to calculate some delay.
$remaining_delay = time() - $latest_attempt - $delay;
However the result of $remaining_delay is increasing when I update the browser, and not the way around.
"You must wait 95 seconds before your next login attempt"
If I update some seconds later "You must wait 102 seconds before your next login attempt"
It's doing the opposite what it should doing, instead it would rather decrease than increase. What have I done wrong? I believe I need to do something with latest_attempt variable, but I could not find anything i the php manual.
I'd say, something like this:
$remaining_delay = $latest_attempt + $delay - time();
$time_since_last = time() - $last_attempt;
if ($time_since_last <= $delay) {
$remaining = $delay - $time_since_last;
} else {
... good to go ... delay's expired
}
The remaining delay is the difference between that moment in time when the blockage expires ($last_attempt + $delay because from $last_attempt on, the user is blocked for a period of $delay) and the current time (time()) - therefore the correct formula is:
$remaining_delay = ($latest_attempt + $delay) - time();
if ($remaining_delay > 0) {
die('Access denied, you need to wait another '. $remaining_delay .' seconds');
}