dsm1998
2018-01-30 21:50 浏览 39
已采纳

PHP不活动超时和session_status()

I'm trying to do some protective stuff to prevent pages from accessing databases when a php page has been idle and the session has expired because of inactivity. I'm basing some of it on session_status() and am having issues with that.

Using alerts and console.log, I find the php and js code seems to be ok. When I artificially inject session_status() values, I get the results I expect.

The problem seems to be that session_start() always returns 2 (available) even after the session has timed out.

Should I not expect system_status to be updated automatically after inactivity timeouts? Is there a better way than session_status() to check for session status?

Here is the 'onclick' function that returns '2' for system_status() on an expired page when the button is clicked:

$("#save-to-database").click(function () {

    var active = <?php echo session_status(); ?>;

    if(active == 2) {  //the session is active, do the sort & save

       saveStuff();

    } else {  // the login has expired, abandon this and reload index.php

        window.location.replace("index.php?artist=" + <?php echo $artist ?>);

    }
});
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答 默认 最新

  • 已采纳
    dongxun7962 dongxun7962 2018-01-30 22:35

    This a long way to go about this but this works fine.

    function isSessionActive() {
        session_start();
        $lastActivity=$_SESSION['lastActivity'];
        if ($lastActivity!=null && ($lastActivity+(10*60) > time())) {
            $_SESSION['lastActivity']=time();
            return true;    
        } else {
            deleteSession();
            return false;
        }
    }
    
    function deleteSession() {
        session_start();
        setcookie("PHPSESSID", "", time() - 3600, '/');
        session_unset();
        session_destroy();
    }
    
    点赞 评论 复制链接分享

相关推荐