当前位置:theitroad>如果用户处于非活动状态 15 分钟,如何使 php 会话过期

如果用户处于非活动状态 15 分钟,如何使 php 会话过期

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/9124560/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-26 06:13:06  来源:igfitidea点击:

how to expire php session if user is inactive for 15 mins

phpsession

提问by mack

i have created one project in PHP, into which i am managing sessions.

我在 PHP 中创建了一个项目,我正在其中管理会话。

I am creating session in my config.php file by writing following line of code.

我通过编写以下代码行在我的 config.php 文件中创建会话。

session_start();

and to destroy this session, in logout.php file i have write following line.

为了销毁这个会话,在 logout.php 文件中,我写了以下行。

session_destroy();

and i have not mention any code for session in any other project file, but the problem is session is active untill i call logout.php,

我没有在任何其他项目文件中提到任何会话代码,但问题是会话是活动的,直到我调用 logout.php,

what i want is session should expire if user is inactive for 15 minutes.

我想要的是,如果用户处于非活动状态 15 分钟,会话应该过期。

can anyone help me for this, i am new to PHP, please give some example code or link to achieve this..

任何人都可以帮助我,我是 PHP 新手,请提供一些示例代码或链接来实现这一点..

回答by Kamal Joshi

Call below function in your header file, so that whenever user does any activity at that time page gets refreshed and check whether session time outs or not.

在您的头文件中调用以下函数,以便每当用户在该时间进行任何活动时页面都会刷新并检查会话是否超时。

function auto_logout($field)
{
    $t = time();
    $t0 = $_SESSION[$field];
    $diff = $t - $t0;
    if ($diff > 1500 || !isset($t0))
    {          
        return true;
    }
    else
    {
        $_SESSION[$field] = time();
    }
}

Use something like this in header

在标题中使用类似的东西

    if(auto_logout("user_time"))
    {
        session_unset();
        session_destroy();
        location("login.php");          
        exit;
    }

User_time is the session name. I hope this answer will help you. What actually this code does is : "Checks whether diff is greater than 1500 seconds or not. If not then set new session time." You can change time diff(1500) according to your requirement.

User_time 是会话名称。我希望这个答案对你有帮助。这段代码的实际作用是:“检查 diff 是否大于 1500 秒。如果不是,则设置新的会话时间。” 您可以根据您的要求更改时间差异(1500)。

回答by user1186779

try

尝试 

  ini_set('session.gc_maxlifetime',54000);  
  ini_set('session.gc_probability',1);
  ini_set('session.gc_divisor',1);

use this before calling session_start()

在调用 session_start() 之前使用它

回答by Bhaumik Mehta

Store time()in the $timevariable. create variable called $setTimeand set the time you want user to timeout.

存储time()$time变量中。创建调用的变量$setTime并设置您希望用户超时的时间。

After that check the condition that if $_SESSION['setTime']is empty OR not set then store the timeout value into the session, otherwise when the page will refresh the new value will be assigned to the $_SESSION['setTime'].

之后检查条件,如果$_SESSION['setTime']为空或未设置,则将超时值存储到会话中,否则当页面刷新时,新值将分配给$_SESSION['setTime'].

$time = time ();
    $setTime = time () + 60;
    if (empty ( $_SESSION ['setTime'] ) || !isset ( $_SESSION ['setTime'] )) {
        $_SESSION ['setTime'] = $setTime;
    }

After that check that current time is more than equal to the stored time. and if it is unset the session. destroy the session as well.

之后检查当前时间是否大于等于存储的时间。如果未设置会话。也销毁会话。

if (time () >= ( int ) $_SESSION ['setTime']) {
   session_unset ();
   session_destroy ();
}

回答by ayush

You can use something like this

你可以使用这样的东西

# Session Logout after in activity 
function sessionX(){ 
    $logLength = 1800; # time in seconds :: 1800 = 30 minutes 
    $ctime = strtotime("now"); # Create a time from a string 
    # If no session time is created, create one 
    if(!isset($_SESSION['sessionX'])){  
        # create session time 
        $_SESSION['sessionX'] = $ctime;  
    }else{ 
        # Check if they have exceded the time limit of inactivity 
        if(((strtotime("now") - $_SESSION['sessionX']) > $logLength) && isLogged()){ 
            # If exceded the time, log the user out 
            logOut(); 
            # Redirect to login page to log back in 
            header("Location: /login.php"); 
            exit; 
        }else{ 
            # If they have not exceded the time limit of inactivity, keep them logged in 
            $_SESSION['sessionX'] = $ctime; 
        } 
    } 
}

But remember Function sessionX() MUST come after session_start()

但记住函数 sessionX() 必须在 session_start() 之后

See details here

在此处查看详细信息

回答by Ian Jaxe

I know this is an answered question but I just wanted to share my experience and since I feel like this is a more easy approach. I'm not sure if this is the best way but here goes. What I did was:

我知道这是一个有答案的问题,但我只是想分享我的经验,因为我觉得这是一种更简单的方法。我不确定这是否是最好的方法,但这里是。我所做的是:

  1. I set a PHP Session ($_SESSION['timeout']) to current time (time()) when the user logged in.

  2. Wrote the following function to validate whether the user is active.

  1. 当用户登录时,我将 PHP 会话 ($_SESSION['timeout']) 设置为当前时间 (time())。

  2. 编写了以下函数来验证用户是否处于活动状态。

function sessionTimeOut() {

// This function is adding 900 seconds (15 Minutes, which is the amount of time you want the user to // be inactive to automatically logout) to the previously registered time when the user was last active. // Then, its checking whether the current time is greater than the amount of time you want the user to // stay logged in without timing out (which is 15 minutes). If it's greater, then you are redirected to the // login page where you can initiate a logout function with http://www.yourwebpage/login.php?status=timeouton the URL.

if ($_SESSION['timeout'] + 900 > time()) {

  // User Active so reset time session.
  $_SESSION['timeout'] = time();

} else {

  // session timed out then redirect to login page
  header('Location:http://'. $_SERVER[HTTP_HOST] . '/login.php?status=timeout');

}

}

函数 sessionTimeOut() {

// 此函数将 900 秒(15 分钟,这是您希望用户 // 处于非活动状态以自动注销的时间量)与用户上次活动时的先前注册时间相加。// 然后,它检查当前时间是否大于您希望用户保持登录状态而不会超时的时间(即 15 分钟)。如果它更大,那么您将被重定向到 // 登录页面,您可以在其中使用 URL 上的http://www.yourwebpage/login.php?status=timeout启动注销功能。

如果($_SESSION['超时'] + 900 > 时间()){

  // User Active so reset time session.
  $_SESSION['timeout'] = time();

} 别的 {

  // session timed out then redirect to login page
  header('Location:http://'. $_SERVER[HTTP_HOST] . '/login.php?status=timeout');

}

}

Lastly: Call sessionTimeOut(); function in the header after checking if user is logged in. This allows the function to be called every time the user refreshes or navigates to a new page. Thus, it works perfectly (atleast in my case), fulfils my purpose, so I thought I'd just share it with you guys.

最后:调用 sessionTimeOut(); 检查用户是否登录后在标题中的函数。这允许每次用户刷新或导航到新页面时调用该函数。因此,它完美运行(至少在我的情况下),实现了我的目的,所以我想我只想与你们分享。

回答by Marichika

This is in continuation to what Kamal posted. I tried same code but made it work it by modifying it as below:

这是 Kamal 发布的内容的延续。我尝试了相同的代码,但通过如下修改使其工作:

/* code */
function fnlogout($field)
{
    $t = time();
    if (!isset($_SESSION[$field]))
        $_SESSION[$field] = time();
    $t0 = $_SESSION[$field];
    $diff = $t - $t0;
    if ($diff > 60)
    {        
        return true;
    }enter code here
    else
    {
        return false;
    }
}
function fnheader()
{
    if(fnlogout("user_time"))
    {
        session_unset();
        session_destroy();
        header("location:index.php?action=expired");
        exit;
    }
}

Yes, Kamal is right about the location of code inserts. One part as function and other in header of each file or common header function.

是的,Kamal 关于代码插入的位置是正确的。一部分作为函数,另一部分在每个文件的头或公共头函数中。

相关推荐

php 本地主机 http 500 内部服务器错误

php 本地主机 http 500 内部服务器错误

带有 utf-8 的 php substr() 函数叶子?标记在最后

带有 utf-8 的 php substr() 函数叶子?标记在最后

php Codeigniter ion auth 试图将登录用户的用户名放入字符串中

php Codeigniter ion auth 试图将登录用户的用户名放入字符串中

PHP,mysql_query 不工作

PHP,mysql_query 不工作

相关推荐
最近更新
标签