session_start(); | session_destroy();

Report · Dec 21, 2010

Hello, everyone:

I have created in my database that when someone logs in that their "session_start()" gets logged into their user account. I also made that when a user logs out that their session is destroyed "session_destroy()". Session_start() produces a UUID such as this computer of numbers and letters "1c57e7291a2de14d0fe08baaee1eba4b". What I would like to happen is that if the user logs out not only is their session is destroyed but also the UID is terminated so that if the user logs back on they do not still have the same session of "1c57e7291a2de14d0fe08baaee1eba4b" but changes it to another and different UID session. Is this possible rather than a new session only starts when a Internet browser is closed down and reponed?

Thank you.

Report · Dec 22, 2010

AdonaiEchad wrote:
What I would like to happen is that if the user logs out not only is their session is destroyed but also the UID is terminated so that if the user logs back on they do not still have the same session of "1c57e7291a2de14d0fe08baaee1eba4b" but changes it to another and different UID session.

The PHP Manual page for session_destroy() shows the code you need to destroy the session ID.

However, this works only if the user actually logs out. To ensure that a new session ID is generated each time a person logs in, you need to use session_regenerate_id(). The Log In User server behavior in Dreamweaver CS5 was updated to regenerate the session ID automatically after a user's credentials have been authenticated.

Report · Dec 22, 2010

Thank you David, that helps a lot.

David, is there a possibility that lets say a user logs in and in my database under a user account I have setup a tinyint "0" for offline and "1" for online. Now I setup already that if the user makes the webapge idle to log them out. However, how can I log someone out if they click on the close button on their web browser?

So my main objective is that if the browser is idel it logs the user out and regenerates and destorys the session UID. The additional objective is that if a user closes their browser without signing out or logging out that the code in the webpage will update the database that the user is now offline. Is this possible?

Report · Dec 23, 2010

AdonaiEchad wrote:
So my main objective is that if the browser is idel it logs the user out and regenerates and destorys the session UID. The additional objective is that if a user closes their browser without signing out or logging out that the code in the webpage will update the database that the user is now offline. Is this possible?

Using Ajax, you could probably use the onUnload event on the <body> tag to send a request to update the database and log out the user. However, that assumes that the user has JavaScript enabled in the browser, and that the page is actually closed. So, it's not 100% reliable.

Since you seem to be concerned about a page being idle for a given time, It's probably a lot simpler to create a session variable that records the time when a user logs in. On each page, compare the value of the session variable with the current time. If it's within your time limit, update the session variable to the current time. If it's beyond the time limit, destroy the session, and log out the user.

I'm not sure if you have any of my books, but the code for this is in "PHP Solutions". In the first edition, it's PHP Solution 9-8. In the second edition, it's PHP Solution 9-9.

Report · Dec 24, 2010

As matter of fact I do have your first edition of PHP Solutions and yes I did do exactly what you said. So the time session is looking for that if the browser is doing nothing after so many hours to log the individual out.

The only problem is that I am using the header(); to bring that page to the logout page, what I want to do is where after the session has expired or gone over its time limit that it refeshes the page. Is this possbile?

You mentioned Javascript in the body tag what would I be using as code in there.

Thanks David.

Report · Dec 24, 2010

As matter of fact I do have your first edition of PHP Solutions and yes I did do exactly what you said. So the time session is looking for that if the browser is doing nothing after so many hours to log the individual out.

The only problem is that I am using the header(); to bring that page to the logout page, what I want to do is where after the session has expired or gone over its time limit that it refeshes the page. Is this possbile?

You mentioned Javascript in the body tag what would I be using as code in there.

Thanks David.

Report · Dec 25, 2010

David, I was wondering if I use a function in all my pages using a <?php include('../_assets/includes/timeConnection.inc.php'); ?> above the
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.

And in that page of <?php include('../_assets/includes/timeConnection.inc.php'); ?> is the following code.

<?php

if (!isset($_SESSION)) {

session_start();

}

// set a time limit in seconds

$timeLimit = 5; // for demonstration purposes

// get the current time

$now = time();

// if timeLimit has expired, destory session and redirect

if($now > $_SESSION['start'] + $timeLimit) {

function exitUser() {

echo '<META HTTP-EQUIV="Refresh" CONTENT="10;URL=http://messianicondemand/admin/logout.php">';

}

} else {

// if it's got this far, it's OK, so updatae start time

$_SESSION['start'] = time();
}?>

And call up the function within the <head> tags such as...

<?php exitUser(); ?>

I am getting an error such as the following...

Fatal error: Call to undefined function exitUser() in /Users/LOMMI/Sites/messianicondemand/admin/index.php on line 143

However, if I refesh the page after the 5 seconds ($timeLimit = 5;) it will show the normal index.php and then it will forward to the logout.

Can a function work?

Report · Dec 26, 2010

I don't really understand what it is you're trying to do, but the reason you get the fatal error is obvious. The function is defined within a conditional statement, so it can be called only if that condition is fulfilled.

Report · Dec 26, 2010

I know if the function is out of the statement then it works.

There is no way that the function can be executed within a statement as I have or am I coding it wrong?

Report · Dec 26, 2010

As I said before, it's not clear what you're trying to do. But surely the logic is clear to you? You define the function only if the user has exceeded the time limit, so you can't call the function elsewhere in the script unless the time limit has been exceeded. You can't call a function that doesn't exist.

What's not clear is why you're defining a function in the first place. You only need a function if you want to execute the same code in multiple places. If the code is going to be executed only once, you don't need a function. Just execute it in the conditional statement.

If executing the code in the conditional statement causes problems for the rest of the script, create a Boolean variable (a flag) to control what happens later on. For example:

// initialize flag
$outOfTime = true;
// if not out of time, reset the flag
if($now < $_SESSION['start'] + $timeLimit) {
  $outOfTime = false;
}
// other code
// code to run if out of time
if ($outOfTime) {
  // do what you want if the time limit is exceeded
}

Conditional statements control the flow of your script. If this, do that. Else do something else.

If a condition isn't fulfilled, the script inside the curly braces never runs.