New Topic/Question
Reply
<?php
//Start session
session_start();
//Check whether the session variable id is present or not
if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
header("location: access_denied.php");
exit();
}
?>
So this bit of code basically redirects the user to an access denied page, if the user isn't authenticated otherwise, the user can access the page. Right below that bit of code, I have this code that ends the session after 15 minutes of inactivity.
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//Get the current page url to pass on to the session expired page.
$url=urlencode("http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 900)) {
// last request was more than 15 minates ago
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
header("location: session_expired.php?url=$url");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>
What do I need to do to keep the session permanently active until either the 15 minutes is reached or I manually sign out ? Often times the page upon refreshing, gets redirected to the access_denied.php which clearly indicates that my session id is not lingering on and gets destroyed prematurely. What do I do??
MultiQuote
| 