The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> PHP Development
|
Problem with login script - Could use help
Discuss Problem with login script - Could use help in the PHP Development forum on Dev Shed.
Problem with login script - Could use help PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
February 17th, 2013, 08:32 PM
|
|
Registered User
|
|
Join Date: Jul 2007
Posts: 22
Time spent in forums: 5 h 34 m 23 sec
Reputation Power: 0
|
|
|
Problem with login script - Could use help
I am having an issue where I am getting logged out of my session even though I am actively using the site. It is currently set to 30 minutes of inactivity before logging a user out, but it is not working correctly.
Here is the function:
PHP Code:
function logincheck()
{
if ($_SESSION['UserLoggedIn']!="yes")
{
echo "You must be logged in to view this page:<br/>";
echo "<meta http-equiv=\"refresh\" content=\"2;url=login.php?action=login\">";
die();
}
if (!isset($_SESSION['CREATED']))
{
$_SESSION['CREATED'] = time();
}
else if (time() - $_SESSION['CREATED'] > 1800)
{
// session started more than 30 minates ago
session_regenerate_id(true); // change session ID for the current session and invalidate old session ID
$_SESSION['CREATED'] = time(); // update creation time
}
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800))
{
// last request was more than 30 minates ago
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
}; // end FUNCTION logincheck()
So, as far as how I expected this to work, if the user is logged in and does nothing for 30 minutes (I.e., doesn't change pages) he/she will be logged out after 30 min. (session destroyed)
However, if they go to another page that calls logincheck(), which each page does, it should check last activity time and if less than 1800 seconds, reset the last activity time to current, thereby keeping the session active. But like I said, I can be on the site for 30 minutes, changing pages, performing actions, and it still logs me out. I can't find any error in this script. Can you?
Thanks all.
|
February 17th, 2013, 09:25 PM
|
 |
pollyanna
|
|
Join Date: Jul 2012
Location: Germany
|
|
Hi,
are you sure you actually start the session on each page? Because for some reason, there is no session_start() in your function.
Apart from that, I don't see any error, nor could I reproduce the problem you described. If the above doesn't work, start debugging your code: - Turn on all error messages with error_reporting(-1)
- Does the session actually get destroyed by the function? Check that by outputting something in the corresponding if statement.
- If it does get destroyed by the function, check the concrete value of LAST_ACTIVITY
You should also fix several style issues in your code: - Remove the semicolon at the end of the function block. It has no use and generates an empty statement.
- Fix the code indentation.
- else if should be elseif.
- Unless your PHP is out of date, consider using the DateTime class instead of the low-level time function
|
February 17th, 2013, 09:31 PM
|
|
Registered User
|
|
Join Date: Jul 2007
Posts: 22
Time spent in forums: 5 h 34 m 23 sec
Reputation Power: 0
|
|
Thanks for the reply, and yes, the code is a bit sloppy 
As far as session_start(), yes, that is at the top of the page -- this code is included in functions.inc.php ... Every page does indeed have session_start() as the first command.
I will try putting an echo in after the session_destroy and see what it says. I see no reason why it should be doing this.
|
February 20th, 2013, 09:32 PM
|
|
Registered User
|
|
Join Date: Jul 2007
Posts: 22
Time spent in forums: 5 h 34 m 23 sec
Reputation Power: 0
|
|
|
I have tried to echo the session_destroy() but I am getting nothing. I can be working on the site for 30 minutes, and without fail, the next time I refresh a page or go to another, I am logged out.
This is going to be very problematic as logged in users are working with time consuming data entry, and if they get logged out before it gets saved, I just lost a user.
I have tried using the site in both firefox and chrome and get the same situation.
I have gone over the code again, and still cannot find any reason why it wouldn't be working. Anyone smarter than me able to find a problem?
Thanks again...
|
February 20th, 2013, 10:47 PM
|
 |
Lost in code
|
|
|
|
|
What is the expiration date on the session cookie that PHP is sending?
Remove all of the code from your logincheck() method except the first if block; does the problem still happen?
What does phpinfo say are your settings for the session configuration?
|
February 26th, 2013, 11:02 PM
|
|
Contributing User
|
|
Join Date: Aug 2010
Location: Tustin, ca
Posts: 38
Time spent in forums: 12 h 7 m 21 sec
Reputation Power: 3
|
|
|
So far I have not found any error, you need to debug the code at each level and see what is happening. Check the variables name if they are being used correctly, i mean the spelling and all that. Also you need to check with your configuration settings. Hope this will helps you.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
