Welcome to WebmasterWorld Guest from 54.145.209.34

Forum Moderators: coopster & jatar k

Logging out

Clearing session info on a time out

   
3:43 pm on Jul 18, 2002 (gmt 0)

10+ Year Member



I am having some problems with session variables on an intranet web application. If the session times out, the session variable do not seem to clear nor does the session abandon. Does anyone have any ideas?
4:49 pm on Jul 18, 2002 (gmt 0)

10+ Year Member



if you're using PHP, there's a variable called session.gc_maxlifetime which specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. (reference: php.net [php.net])

now the problem with that is let's say user A starts a session at 1h00 and then leave for 45 minutes (and you previously set session.gc_maxlifetime to 30 minutes). Now technically what happens is that user A session data should be erased, but that will only happens if an other user let's call him user B, show up between 1h30 and 1h44. Otherwise, user A will still have access to it's old session data.

mavherick

6:00 pm on Jul 18, 2002 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Hello Sandi and welcome to WMW.

I'm about to tackle this issue myself and was wondering about setting the default server time-out page to a custom PHP page which has the following:

session_unset(); //kills all session variables
session_destroy(); // kills the session

This would allow me to build whatever PHP applications on the internal network I wanted and if any of them time-out then the session kill will be run.

On the other hand I'm thinking of a chron job set for 2 hours or so.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month