I need all active sessions to be destroyed when I call a certain function. This function when called needs to destory all sessions NOT immediately but after exactly 30 seconds. Even if the user leaves the page where the session was called before the 30 seconds, his browser should still be cleared of all sessions so when he comes back to the site none of those sessions will be active.
Is this possible? If so how would one go about writing such a function?
EDIT
As for why I need this, I have a shopping cart script that when submitted takes the user to paypal to process payment. If I destroy all sessions when the submit button on that payment form is clicked, I can;t pass all the form data onto paypal. If I don't destroy all sessions, when the user comes back to the site the shopping cart is still filled with the contents he purchased before.
I need the cart to be empty when the user comes back. I figured 30 seconds will give the user ample time to go to the paypal page by which point my cart script has already sent all necessary info to paypal. And then destroying all sessions is safe without fearing disruption to service.
So what I need is sort of a timer script that will work on the server side and will destroy the sessions even when the user is no longer on that page.
See http://bytes.com/topic/php/answers/4134-when-how-php-session-expire-can-i-set-minutes-inactivity
Ok, so nevermind my hairbrained sleep() approach.
Set a flag in the session, before you send them over to paypal. Check this flag and clear the session/cart if it's set.
Related
I have built an e-comm site that stores session variables for various uses, though the session is being unexpectedly destroyed and i cant work out why.
The session is being destroyed when a user is redirected back to my site after completing a PayPal payment or a SecurePay payment, but it only happens once, only the first time the completes a payment each day, if that makes sense. For example, if the same user comes an hour later and purchases something else, when the user is redirected back to my website after completeing the second payment the session is not destroyed, it works as intended.
Even when i am testing on non-live payment gateway such as sandbox it will destroy the session when redirecting back to my website, but only the first time, as soon and i make another test payment it will work fine, until the next morning when i try again and it will destroy the session again, etc.
I also now have a ssl certificate for my website as i had read that it could have been destroyed because it's redirecting from a HTTPS:// to a HTTP:// . But having the SSL makes no difference, the session is still being destroyed.
There is also absolutley no code to destroy the session on either of my PayPal or securepay returnURLS
Does anyone know why it might be causing this?
i have a problem with what seems like session timing out and being destroyed, though i currently do not have it set to expire after a certain amount of time, nor do i have the session destroyed anywhere in the code.
Here's what happens in detail,
it's an e-comm site i have 90 % built which also has two payment gateways(PayPal and SecurePay).
first of all, i only have this problem when the website is uploaded to the web host(GoDaddy), i haven't experienced this issue using localhost.
The issue:
I can use my site, everything functioning normal, i can choose
products and checkout successfully through both payment gateways without issue.
When i am finished for the day i'll close the browser as per normal.
The next morning i will again open the browser and navigate to my
site. The website has still retained all the session information
and i can navigate to all my pages without issue, including my shopping cart(my shopping cart
especially relies on session data to work).
During the first time i go to check-out, with either payment gateway, everything functions fine until payment
gateway navigates back to my returnURL, where the session is somehow
destroyed, all the session data is gone and i am logged out.
This only occurs once, specifically the first time i test the
check-out process after a long period of inactivity. As i log
back in after the session is destroyed the issue is does not appear to
happen again, until the next morning.
I would also like to add that the return
urls are quite different for each payment gateway, the PayPal returnURL is a page where
the order is still being processed and the user can change shipping methods rates, SecurePay returns to a page where the
transaction is complete and an invoice is genrated, though the result is the same and the session is destroyed when returning from either payment gateway to the return url.
To fix this i was just going to expire the session after 1 hour of session inactivity. But i'm curios why the session would be destroyed only after returning from the payment gateway and not as soon as the page is opened after such period of inactivity?
I am working on an E commerce web site. We are storing most of the cart details on PHP Sessions.The problem what we are facing is when the customer coming to our website and select any item..... Once he selected the item he left the page for sometime (This will be greater than default session time) and customer is paying the amount after sometime ...What is happening is customer is paying the amount and the amount get deducted from his bank account. When he return bank to our site all the session will get unset...so the database update is not happening ...so my question is
How i can solve this problem ?
What are the best ways and what are the common practices other companies are following ?
Thanks in advance
Try using cookies instead of sessions. Cookies persist until the user explicitly clears them, or they expire (you set the expiration date). Sessions go away when the user closes the browser, or very quickly with time. In php, to read a cookie, use $_COOKIE. To set a cookie, use setcookie() (support an expiration date which is very high. Something like time()+(86400*365), or one year).
if you want to continue using session and still avoid this issue,
there are two options
Change the timeout value in your web.config
assign the session variable to itself in regular interval
the second method will keep sending request to the server which will reset the time of the session expiry.
You can achieve this by calling a function using setTimeout or setInterval in jQuery
You can find more details of how to do the same easily here
I am having problem with session destroy. I am running a script called logout.php in that file I am destroying user session also I am executing a query which will delete my shopping bag. This is working properly but when I closed the browser or session is automatically destroy after sometime , that time I have to delete my shopping bag off course in this situation logout.php will not call. So how can I achieve this .
logout.php :-
<?php
include_once('functions/config.php');
session_start();
$sql = "DELETE FROM baskets WHERE member_id = '".$_SESSION['memid']."' ";
mysql_query($sql);
session_destroy();
header('location:index.php')
?>
I have two answers for this questions:
1) you can clear your shopping bag using javascript event window.onbeforeunload
example:
window.onbeforeunload= function(){
// your ajax call to clear shopping bag
}
2)I will recommend this option:
You can clear users shopping bag on his login.
There is no way to write code that you can safely assume that it's called when a session is destroyed.
Easiest way to do what you want is to set a "last accessed" timestamp on your basket that you update on every access, and then run a cron job (scheduled job) every hour or so that deletes all baskets that haven't been accessed in, let's say, 6 hours or more. That won't delete it at the same time as the session times out, but will keep old baskets out of the database in the long run.
Are you sure you want to clean the shopping bag when (for example) the users' browser closes? You could give a warning like 'You have not logged out correctly last time, do you want to continue shopping or start fresh?' , something like that.
HTTP is a stateless protocol, so you can't tell when a browser actually closes. In my opinion you need to work with session timeouts, so that after a period of time has passed the shopping bag gets cleared anyway unless there still is user activity.
Hope that helps.
i am developing a e-commerce website. The user logs in and buy a product when he checkout the page will redirect to the payment gateway. After the payment is completed it will return back to my website. This is ok. But when it is returning back the session maintained in my website get lost. This happen only for the first time. If the user again logged in and checkout the process works good and the session is maintaining.
Why does the session lost for first time.
I used session_start() in all the pages..
I cannot find the solutions. Kindly help..
Why don't you use javascript? You can create cookie to store your incoming members data.
With Jquery and cookie plugin you can do this very easy, sure you must do login for member to create this data. Some useful links:
http://www.jquery.com/
http://plugins.jquery.com/project/Cookie
http://www.electrictoolbox.com/jquery-cookies/
Why does the session lost for first time.
That's hard to tell because there is not much information in your question.
Normally a session get's lost if the session identifier (or session ID in short) is not passed from one request (page) to the other.
Please see the PHP Manual how the session ID can be passed. You need to take care with your code, for example that the cookie is properly set. If the session cookie is not set, the session id will be gone and session_start will create a new session.