This is my first time posting. I believe I've searched through a bit of the other forums to see if my question has already been asked, but I'm still left scratching my head. I know there's a lot of postings about expired sessions, but I'm thinking in terms of a specific scenario, I guess.
A user is logged into the Dashboard and goes to a page. It sits idle for how ever long, then the garbage collector does its thing and clears the session.
Now, if the user goes back to the Dashboard and clicks to go to another page, I would like to have the user return to the index page - effectively log out.
I have a logout page that the user can go to when they choose to log out. I record some data in the database, remove the session and redirects back to the home page.
I would like to first check if the session is indeed alive. If not, destroy it and redirect to the home page. Otherwise, delete it.
But my question is, if the garbage collector had already cleared the session, do I even need to destroy it?
<?php
session_start( );
if( !isset( $_SESSION['session'] ) ) {
session_destroy( );
header( "Location: /index.php" );
}
else {
// ... log the data I need in the database ...
$_SESSION['session'] = array( );
if( ini_get( "session.use_cookies" ) ) {
$params = session_get_cookie_params( );
setcookie( session_name( ), '', time( ) - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"] );
}
session_destroy( );
header( "Location: /index.php" );
}
?>
