Getting a session to expire after a certain length of time

[gchaves]

I am new to PHP programming. A good programming friend and I have created a site using PHP and MySQL. We have decided to use sessions to allow registered users the ability to log in to the site using a login name and password. (see portion of script below). The script works fine in that it allows users to login and, when they log out, they cannot use the back button to get back into the site (as it redirects them to the login page). What we are trying to do is to get the session to expire after, say, fifteen minutes of non-use (if the user logs in and then walks away from their computer for an extended amount of time, the session will automatically expire and will redirect the user to the login page...and prevents anyone else from jumping on the user's computer and monkey-ing with the secure portion of the site.) My code is below. What else do we need to add in order to get the session to expire after 15 minutes?

Thanks,
Greg

<?php
/* Program: Login.php
Desc: Login program for the Members Only section of the
referral form. It provides two options: (1) login using an
existing Login Name and (2) enter a new login name. Login
Names and passwords are stored in a MySQL database.
*/
session_start();
session_register('$_SESSION[auth]'); // 9
session_register('$_SESSION[logname]');
session_register('$_SESSION[ID]');
session_register('$_SESSION[ID_agency]');
include(&quot;functions.php&quot;
include(&quot;cup.inc&quot;
switch (@$do) // 12
{
case &quot;login&quot;: // 14
$connection = mysql_connect($host, $user,$password) // 15
or die (&quot;Couldn't connect to server.&quot;
$db = mysql_select_db($database, $connection)
or die (&quot;Couldn't select database.&quot;

$sql = &quot;SELECT un FROM agents WHERE un='$fusername'&quot;;
//echo $sql;
$result = mysql_query($sql)
or die(&quot;Couldn't execute query.&quot;
$num = mysql_num_rows($result); // 23
if ($num == 1) // login name was found 24
{
$sql = &quot;SELECT un, c_name, ID FROM agents WHERE un='$fusername' AND pw=password('$fpassword')&quot;;
$result2 = mysql_query($sql)
or die(&quot;Couldn't execute the query.&quot;
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct
{
// 32
$_SESSION[auth]=&quot;yes&quot;; // 34
$_SESSION[logname]=$fusername;

$today = date(&quot;Y-m-d h:m:s&quot; // 36
$row=mysql_fetch_array($result2);
$_SESSION[ID_agency]=$row[ID]; // 35
$sql = &quot;INSERT INTO login (un,logintime)
VALUES ('$_SESSION[logname]','$today')&quot;;
mysql_query($sql) or die(&quot;Can't execute this query.&quot;
if ($row[c_name]){
header(&quot;Location: agent_form.php&quot;
}
else {
$_SESSION[ID]=$row[ID];
header(&quot;Location: register.php&quot;
}
}
else // password is not correct // 42
{
unset($do); // 44
$message=&quot;The Login Name, '$fusername' exists,<br>but you have not entered the correct password!<br>Please try again.<br>&quot;;
include(&quot;login_form.inc&quot; // 48
}
} // 50
elseif ($num == 0) // login name not found // 51
{
unset($do); // 53
$message = &quot;The Login Name you entered does not
exist!<br>Please try again.<br>&quot;;
include(&quot;login_form.inc&quot;
}
break;

 

[sleipnir214]

You might store a timedate number in the session store, too. Every script would check that number to see if the session store is fresh enough to be used. If it is fresh enough, scripts would update that timedate number.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[KempCGDR]

Don't auto-logout and redirect, it is stupidly annoying. One site I go to has that and it has big articles to read, problem is that halfway through reading (or if you open more than one and read them one at a time, or just leave one open for reference, or anything else) it logs you out and you have to go through the process of logging in again to keep reading. It is one of the most annoying systems I have ever been subjected to.