I'm trying to do some protective stuff to prevent pages from accessing databases when a php page has been idle and the session has expired because of inactivity. I'm basing some of it on session_status() and am having issues with that.
Using alerts and console.log, I find the php and js code seems to be ok. When I artificially inject session_status() values, I get the results I expect.
The problem seems to be that session_start() always returns 2 (available) even after the session has timed out.
Should I not expect system_status to be updated automatically after inactivity timeouts? Is there a better way than session_status() to check for session status?
Here is the 'onclick' function that returns '2' for system_status() on an expired page when the button is clicked:
$("#save-to-database").click(function () {
var active = <?php echo session_status(); ?>;
if(active == 2) { //the session is active, do the sort & save
saveStuff();
} else { // the login has expired, abandon this and reload index.php
window.location.replace("index.php?artist=" + <?php echo $artist ?>);
}
});
