Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/11393849/

Time: 2020-08-25 00:25:57  Source: igfitidea

PHP session timeout script

Tags: php, session, timeout, logout

Asked by AzzyDude

I have this code that logs a user out if they don't change pages for 10 minutes.

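$inactive = 600; // idle limit in seconds (10 minutes)

if (isset($_SESSION['timeout'])) {
  $session_life = time() - $_SESSION['timeout'];
  if ($session_life > $inactive) {
    header("Location: logout.php");
    exit; // stop here so the rest of the protected page is not sent
  }
}

// record the time of this request
$_SESSION['timeout'] = time();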

As you can see it's pretty straightforward. I include this function at the top of all my protected pages and if the script isn't run for 10 minutes, the next time you refresh the page, the user is sent to my logout script.

However that's the problem. After $session_life > $inactive becomes true, the script needs to be run again for the user to be logged out. I need the person to be immediately logged out as soon as this becomes true.

Is there any way to do this without things getting too complicated? (i.e. not using AJAX)

Answered by Jon

No. Your PHP code runs on every request. If you want the timeout to trigger "immediately" then you have to either spam the server with continuous requests (bad idea) or move the timeout logic to client-side code.

An appropriate solution could be to start a Javascript timer when the page loads and redirect the user to the logout page when the timer expires. If the user navigates to another page in the meantime the current timer would be discarded automatically and a new one started when that page loads. It can be as simple as this:

<script type="text/javascript">
    // setTimeout takes milliseconds: 10 minutes = 10 * 60 * 1000
    setTimeout(function() { window.location.href = "logout.php"; }, 10 * 60 * 1000);
</script>

Update: Of course, you should also keep the server-side code to enforce the business rule on your own side. The Javascript will give you an "optimal" scenario when the client side cooperates; the PHP code will give you a guarantee if the client side works against you.

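An added example (not part of the original answers) that combines the server-side check Jon's update says to keep with the client-side timer: the server destroys the expired session and stops execution before redirecting, and the script tag is only a convenience. The names `enforce_idle_timeout`, `is_idle_expired`, `IDLE_LIMIT` and the `last_seen` session key are assumptions, and it assumes `logout.php` needs no data from the expired session.

```php
<?php
declare(strict_types=1);
// Added example. enforce_idle_timeout, is_idle_expired, IDLE_LIMIT and the
// 'last_seen' key are assumed names; logout.php is the page's logout script.
const IDLE_LIMIT = 600; // seconds (10 minutes, as in the question)

// Pure decision, kept separate so it can be checked in isolation.
function is_idle_expired(?int $lastSeen, int $now, int $limit): bool
{
    return $lastSeen !== null && ($now - $lastSeen) > $limit;
}

function enforce_idle_timeout(int $limit = IDLE_LIMIT): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $last = isset($_SESSION['last_seen']) ? (int) $_SESSION['last_seen'] : null;

    if (is_idle_expired($last, time(), $limit)) {
        // Invalidate the server-side state first, so the old session ID is
        // useless even if the client ignores the redirect.
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        header('Location: logout.php');
        exit; // nothing from the protected page is sent after this point
    }
    $_SESSION['last_seen'] = time(); // this request counts as activity
}

enforce_idle_timeout(); // must run before any output is sent
?>
<script>
    // Convenience only: leave the page when the idle limit passes.
    // setTimeout takes milliseconds, hence the factor of 1000.
    setTimeout(function () { window.location.href = "logout.php"; },
               <?= IDLE_LIMIT ?> * 1000);
</script>
```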

Answered by Avinash

You can do it by subtracting the current time say time(); to the time you want. Try this link.

How do I expire a PHP session after 30 minutes?

Answered by Alexander Ivanov

I've got an idea that I tested and it works on my server setup - it uses linux calls to set up a delayed removal of the session file. This is purely server-side and kills the session exactly when it should. You must have permissions to run shell commands though.

$inactive = 600;

# if there is a delayed removal - cancel it
if (isset($_SESSION['pid'])) shell_exec('kill -9 '.$_SESSION['pid']);

# compose path to session file
$sesspath = session_save_path().'/sess_'.session_id();

# set up a delayed removal to destroy the session after $inactive seconds and
# get its PID
#
# you can put whatever command you like inside the single quotes (call a logout
# php script perhaps?)
$_SESSION['pid'] = shell_exec("nohup sh -c 'sleep $inactive && rm $sesspath' > /dev/null & echo $!");

Answered by harryd

I'd include a meta refresh in the header of the page, and check how long it's been since the page was output. Some simple server side logic can accomplish that.
