dpwqicw157673 2012-07-09 11:07
浏览 38
已采纳

PHP会话超时脚本[重复]

This question already has an answer here:

I have this code that logs a user out if they don't change pages for 10 minutes.

$inactive = 600;

if(isset($_SESSION['timeout']) ) {
  $session_life = time() - $_SESSION['timeout'];
  if($session_life > $inactive) { 
    header("Location: logout.php"); 
  }
}

$_SESSION['timeout'] = time();

As you can see it's pretty straightforward. I include this function at the top of all my protected pages and if the script isn't run for 10 minutes, the next time you refresh the page, the user is sent to my logout script.

However that's the problem. After $session_life > $inactive becomes true, the script needs to be run again for the user to be logged out. I need the person to be immediately logged out as soon as this becomes true.

Is there any way to do this without things getting too complicated? (i.e. not using AJAX)

</div>
  • 写回答

4条回答 默认 最新

  • dongniechi7825 2012-07-09 11:10
    关注

    No. Your PHP code runs on every request. If you want the timeout to trigger "immediately" then you have to either spam the server with continuous requests (bad idea) or move the timeout logic to client-side code.

    An appropriate solution could be to start a Javascript timer when the page loads and redirect the user to the logout page when the timer expires. If the user navigates to another page in the meantime the current timer would be discarded automatically and a new one started when that page loads. It can be as simple as this:

    <script type="text/javascript">
    setTimeout(function() { window.location.href = "logout.php"; }, 60 * 10);
</script>

    Update: Of course, you should also keep the server-side code to enforce the business rule on your own side. The Javascript will give you an "optimal" scenario when the client side cooperates; the PHP code will give you a guarantee if the client side works against you.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

  • PHP会话超时/注销 php
    2015-11-17 00:53
    回答 3 已采纳 When you exit your browser, it will clear all SESSIONS. That is why you always have to relogin eve
  • PHP会话变量请求时间 php
    2019-03-07 11:29
    回答 1 已采纳 Unless you do these session read/write operations millions of times (e.g. in a loop) you shouldn't
  • drupal 7重定向会话超时 php
    2018-07-17 05:35
    回答 1 已采纳 This could be an interesting option for you, the following module will show you an automate popup
  • 一个严格的PHP Session会话超时时间设置方法
    2020-10-25 20:00
    PHP会话超时时间设置是一个重要的网站安全和用户体验功能。在互联网应用中,通过设置合理的时间限制,可以防止用户在离开设备时忘记登出,从而避免账户被他人冒用的风险。同时,也能够根据业务需求,管理用户会话的...
  • PHP会话不更新变量 php
    2018-08-17 09:28
    回答 2 已采纳 session_start() must be the second thing on your page after <?php. HTML tags must be placed aft
  • PHP LDAP会话持久性 php
    2019-02-04 15:31
    回答 1 已采纳 The problem is not about LDAP, the problem is about HTTP. HTTP is a stateless protocol whereas LD
  • PHP会话干扰子域会话 php
    2017-11-21 17:01
    回答 1 已采纳 Since they share the same domain, they are the same site and share a session. You can manually ov
  • php登录超时检测功能实例详解
    2020-10-20 03:49
    php登录超时检测通常涉及前端JavaScript定时任务与后端PHP脚本的交互,下面将详细介绍其核心知识点。 ### php登录超时检测原理 php登录超时检测的原理主要是通过前端的JavaScript定时请求后端接口,检查用户是否...
  • PHP标头/会话问题[重复] php
    2013-11-23 02:42
    回答 1 已采纳 As the error message tells you, there is already an output before the call of session_start. Becau
  • PHP会话 - 几个问题 php
    2017-02-22 09:59
    回答 3 已采纳 No, the session garbage collection is managed by the system, based on the session.gc_maxlifetime
  • PHP会话传播 php
    2017-03-13 10:01
    回答 1 已采纳 first you have to read what have been removed and edited in php (session.configuration) versions
  • php会话超时,如何在PHP中更改会话超时
    2021-03-24 09:33
    番言的博客 如果使用PHP的默认会话处理,在所有平台上可靠地更改会话持续时间的唯一方法是更改php.ini..这是因为在某些平台中,垃圾收集是通过每隔一段时间运行的脚本实现的(克隆(脚本)直接从php.ini,因此,任何在运行时更改它...
  • PHP会话问题
    2021-02-23 06:23
    5. **会话超时**:适当设置会话超时时间,既能提高安全性,又能减少服务器存储负担。超时后,可提示用户重新登录。 四、最佳实践 1. **安全编码**:确保在使用会话数据时进行充分的输入验证和清理,防止注入攻击。...
  • PHP Cookie:Session详解.md
    2024-06-13 16:49
    - **会话生命周期**:会话在创建时开始,并在会话超时、注销或关闭浏览器时结束。 - **安全性**:由于 Session 数据存储在服务器上,相对于 Cookie 而言,它更安全,不容易被篡改。 **2. PHP 中操作 Session 的...
  • php curl获取网页内容(IPV6下超时)的解决办法
    2020-10-27 02:36
    当我们在使用PHP的cURL库来获取网页内容时,如果遇到IPv6环境下超时的问题,这通常是由于cURL在开启IPv6支持的情况下,会优先尝试解析IPv6地址。如果目标网站的域名并没有配置IPv6地址,cURL会等待IPv6解析失败之后...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥60 请查询全国几个煤炭大省近十年的煤炭铁路及公路的货物周转量
  • ¥15 请帮我看看我这道c语言题到底漏了哪种情况吧!
  • ¥66 如何制作支付宝扫码跳转到发红包界面
  • ¥15 pnpm 下载element-plus
  • ¥15 解决编写PyDracula时遇到的问题
  • ¥15 有没有人能解决下这个问题吗,本人不会编程
  • ¥15 plotBAPC画图出错
  • ¥30 关于#opencv#的问题:使用大疆无人机拍摄水稻田间图像,拼接成tif图片,用什么方法可以识别并框选出水稻作物行
  • ¥15 Python卡尔曼滤波融合
  • ¥20 iOS绕地区网络检测