Forum Moderators: coopster
session_cache_expire(10); //10 minutes
session_start();
{
some data processing
}and to logout i am using
unset($_SESSION['user']);
unset($_SESSION['pass']);
session_destroy();
echo 'Logged out successfully';
and for processing
if(isset($_SESSION['user']) && isset($_SESSION['pass']))
{
user is logged in
}
Are the above codes sufficiently secure andy other suggestions or corrections?
Is the session cache expire used in correct way?
I want to completely expire the session and clear all variables after 10 minutes what else can be done?
or else how will you make it yourself?
You worry about data stored in sessions?
Probably, you are thinking about it the wrong way.
What is your session data? Stuff you got from or put into the database probably?
Why not just leave it in the session? My sessions are tied to users, unless someone is not logged in, in which case it is tied to the cookie.
Do something on the site, come back in another country next year and log in, and I will open your session for you again. I am not wasting disk space. I am only storing in your session what other people store in a database.
My database has an easy time. I only put into the database things which I need to SELECT or UPDATE. If I want to search by client account status, then I put it into the database. If not, then I leave it in the individual objects.
Get out of the habit of abusing your database. You don't need multiple JOINS just to log someone in and show their homepage! Save an object for them with everything you need to know, and link it by their user_id.
Now you will find your database is fast, and your objects are easy to work with! Free yourself from the constant INSERT/UPDATE/DELETE cycle of linked IDs and tables for every small action.
Some code which you could share?
I liked your idea and that should be done by most programmers (free db from multicle update cycles)
