PHP - 使会话在 X 分钟后过期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3770150/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP - make session expire after X minutes
提问by Moon
i am using the following technique...
我正在使用以下技术...
From the login.phpthe form posts to the page check.phpwhere i do this
从login.php表单发布到check.php我执行此操作的页面
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
$result = mysql_query("SELECT * FROM accounts WHERE user_Name='$uzer' AND user_Pass='$pass'");
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
and on loggedin.phppage the first thing i do is
在loggedin.php页面上我做的第一件事是
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) )
{
header("Location:login.php");
}
else
{
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
but once logged in when i directly type the url localhost\myProject\loggedin.phpit displays the page...which makes perfect sense because the session has started
但是一旦登录,当我直接输入 url 时,localhost\myProject\loggedin.php它会显示页面......这很有意义,因为会话已经开始
what i want to implement is
我想要实现的是
- The direct URL \ session works for 10 minutes after that the session is terminated\expired\timed out and then use must login again and may get the same session id but after 10 minutes use won't be able to browse with the same session
- 直接 URL \ 会话在会话终止\过期\超时后工作 10 分钟,然后使用必须再次登录并可能获得相同的会话 ID,但 10 分钟后使用将无法使用相同的会话进行浏览
WHAT DO I NEED TO DO OR LEARN
我需要做什么或学习什么
回答by Lekensteyn
Store a timestamp in the session:
在会话中存储时间戳:
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
// Hey, always escape input if necessary!
$result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($uzer), mysql_real_escape_string($pass));
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
$_SESSION['login_time'] = time();
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
Check if the timestamp is within the allowed time window (600 seconds is 10 minutes):
检查时间戳是否在允许的时间窗口内(600 秒为 10 分钟):
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 600)
{
header("Location:login.php");
}
else
{
// uncomment the next line to refresh the session, so it will expire after ten minutes of inactivity, and not 10 minutes after login
//$_SESSION['login_time'] = time();
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
回答by Kyle
I would look at session_set_cookie_paramsand ini_set("session.gc_maxlifetime", "18000");
我会看看session_set_cookie_params和ini_set("session.gc_maxlifetime", "18000");
