如果用户在 php 中空闲,如何注销会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3453831/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to logout session if user idle in php
提问by sudh
I am new to php and am trying to build a website. I would like to logout user session if he is idle for some time. I searched the web but i couldn't find the proper code. How do you check whether user is idle or not in php?. Can anyone help me please.
我是 php 新手,正在尝试建立一个网站。如果他闲置了一段时间,我想注销用户会话。我在网上搜索,但找不到正确的代码。你如何在 php 中检查用户是否空闲?任何人都可以请帮助我。
回答by Cam
There are a few ways to do this. Here are a couple...
有几种方法可以做到这一点。这里有一对...
set a session expiry time, such that after a certain amount of time, the session expires and is no longer valid.
set a 'time' flag as session data, and check if their session is still 'new enough' to keep them logged in each pageload.
设置会话过期时间,这样在一定时间后,会话过期并且不再有效。
将“时间”标志设置为会话数据,并检查他们的会话是否仍然“足够新”以保持他们在每个页面加载中的记录。
I would opt for the second choice, as it can be difficult to set the right values in PHP such that the session expires securely, and the way you want it to. With the second option, all you have to do is make sure the session will notexpire beforeyou want it to, which is easier.
我会选择第二个选项,因为很难在 PHP 中设置正确的值以使会话安全地过期,以及您想要的方式。使用第二个选项,您所要做的就是确保会话不会在您希望之前过期,这更容易。
Code example for option 2:
选项 2 的代码示例:
//on pageload
session_start();
$idletime=60;//after 60 seconds the user gets logged out
if (time()-$_SESSION['timestamp']>$idletime){
session_destroy();
session_unset();
}else{
$_SESSION['timestamp']=time();
}
//on session creation
$_SESSION['timestamp']=time();
EDIT:
编辑:
Your comment explains that you'd actually like to keep track of mouse events and other things on the client side to determine if the user is idle. This is more complicated. I will give a general solution, and then offer a couple suggestions for optimizations and improvements.
您的评论说明您实际上希望在客户端跟踪鼠标事件和其他事情,以确定用户是否空闲。这个比较复杂。我会给出一个通用的解决方案,然后提供一些优化和改进的建议。
To accomplish what you've described, you must track clientside activity(mouse movements, keyboard strokes etc) and process that information on the server side.
要完成您所描述的工作,您必须跟踪客户端活动(鼠标移动、键盘敲击等)并在服务器端处理该信息。
Tracking clientside activitywill require javascript event handlers. You should create an event handler for every action you want to count as 'not being idle', and keep track (in a javascript variable) of when the last time they've been idle is.
跟踪客户端活动将需要 javascript 事件处理程序。您应该为每个要算作“非空闲”的操作创建一个事件处理程序,并跟踪(在 javascript 变量中)它们上次空闲的时间。
Processing that info on the server sidewill require you to use ajaxto send the last time they've been idle to the server. So every few seconds, you should send the server an update (using javascript) which specifies how long the user has been idle.
在服务器端处理该信息将需要您使用ajax将它们最后一次空闲时发送到服务器。因此,每隔几秒钟,您应该向服务器发送一个更新(使用 javascript),指定用户空闲的时间。
A couple extra suggestions:
一些额外的建议:
You should not rely on this ajax solution as the only way to track user activity, as some users will not have JS enabled. So, you should also track user activity on pageload. Accordingly you should probably not set the idle time too low (at least for non-JS users), as non-JS users will not be sending any data to the server until pageloads occur.
You should send updates to the server via ajax as infrequently as possible about user activity to decrease demand on the server. To do this, simply have javascript keep track of when the user would time out. If it gets to the point where the user is about to time out (say, in about a minute or so), then and only thenping the server.
你不应该依赖这个 ajax 解决方案作为跟踪用户活动的唯一方法,因为有些用户不会启用 JS。因此,您还应该跟踪页面加载上的用户活动。因此,您可能不应该将空闲时间设置得太低(至少对于非 JS 用户而言),因为在页面加载发生之前,非 JS 用户不会向服务器发送任何数据。
您应该尽可能少地通过 ajax 向服务器发送有关用户活动的更新,以减少对服务器的需求。要做到这一点,只需让 javascript 跟踪用户何时超时。如果它到了用户即将超时的地步(例如,大约一分钟左右),然后才可以ping 服务器。
回答by Bang Dao
You can config the PHP - configuration for session.cookie_lifetime, this will automatic destroy session after amount of idle time.
More information can be found here http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
您可以为 配置 PHP 配置session.cookie_lifetime,这将在空闲时间后自动销毁会话。
更多信息可以在这里找到http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
回答by Amirouche Douda
You can use session_cache_expire, I give you this example :
你可以使用session_cache_expire,我给你这个例子:
<?php
/* set the cache limiter to 'private' */
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
/* set the cache expire to 30 minutes */
session_cache_expire(30);
$cache_expire = session_cache_expire();
/* start the session */
session_start();
echo "The cache limiter is now set to $cache_limiter<br />";
echo "The cached session pages expire after $cache_expire minutes";
?>
Source : php.net
来源:php.net
