i am using the following technique…
From the login.php
the form posts to the page check.php
where i do this
<?php $uzer = $_POST['user_name']; $pass = $_POST['user_pass']; require ('DB_connection.php'); $result = mysql_query("SELECT * FROM accounts WHERE user_Name='$uzer' AND user_Pass='$pass'"); if( mysql_num_rows( $result ) > 0) { $array = mysql_fetch_assoc($result); session_start(); $_SESSION['user_id'] = $uzer; header("Location:loggedin.php"); } else { header("Location:login.php"); } ?>
and on loggedin.php
page the first thing i do is
<?php session_start(); if( !isset( $_SESSION['user_id'] ) ) { header("Location:login.php"); } else { echo ( "this session is ". $_SESSION['user_id'] ); //show rest of the page and all } ?>
but once logged in when i directly type the url localhostmyProjectloggedin.php
it displays the page…which makes perfect sense because the session has started
what i want to implement is
- The direct URL session works for 10 minutes after that the session is terminatedexpiredtimed out and then use must login again and may get the same session id but after 10 minutes use won’t be able to browse with the same session
WHAT DO I NEED TO DO OR LEARN
Advertisement
Answer
Store a timestamp in the session:
<?php $uzer = $_POST['user_name']; $pass = $_POST['user_pass']; require ('DB_connection.php'); // Hey, always escape input if necessary! $result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($uzer), mysql_real_escape_string($pass)); if( mysql_num_rows( $result ) > 0) { $array = mysql_fetch_assoc($result); session_start(); $_SESSION['user_id'] = $uzer; $_SESSION['login_time'] = time(); header("Location:loggedin.php"); } else { header("Location:login.php"); } ?>
Check if the timestamp is within the allowed time window (600 seconds is 10 minutes):
<?php session_start(); if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 600) { header("Location:login.php"); } else { // uncomment the next line to refresh the session, so it will expire after ten minutes of inactivity, and not 10 minutes after login //$_SESSION['login_time'] = time(); echo ( "this session is ". $_SESSION['user_id'] ); //show rest of the page and all } ?>