sesion automatic expiry

[funbinod]

I want to setup my session to expire automatically if any user is inactive for certain period.

for that I've tried this---

$laquery = mysqli_query($connect, "SELECT lastActive FROM user WHERE cid=$cid AND uid=$uid") or die ("Error: ".mysqli_error($connect));$larow = mysqli_fetch_object($laquery);$lastActive = $larow->lastActive;$now = date('Y-m-d H:i:s');//echo strtotime($now) - strtotime($lastActive);if (strtotime($now) - strtotime($lastActive) > 1200) {	mysqli_query($connect, "UPDATE user SET isloggedin='N' WHERE cid=$cid AND uid=$uid") or die("Error: ".mysqli_error($connect));	$user->logout();	session_start();	$_SESSION['error'] = "Timeout!";	die(header("location: login.php"));} else if (strtotime($now) - strtotime($lastActive) < 1200) {	mysqli_query($connect, "UPDATE user SET lastActive = '$now' WHERE cid=$cid AND uid=$uid") or die ("Error: ".mysqli_error($connect));}

it worked fine until the browser is closed unexpectedly like system crash, direct close, etc..

but if the browser is closed without logging out, then the user is remained logged in.

is there any better way of setting automatic session expiry time??

[Ingolme]

With the way you're doing things, the only solution would be to have a cron job running every once in a while deleting all sessions that have not been active for 20 minutes or however long your sessions are.

The query in the cron job would be something like this:

"UPDATE user SET isloggedin='N' WHERE lastActive < " . ($now - 1200)

You probably should use PHP sessions instead, they expire automatically when the browser closes.

When using PHP sessions, if you want to show the names of people who are logged in, just save the current time every time they load a page:

UPDATE user SET lastActive = '$now' WHERE uid=$uid

The loggedIn field won't be necessary with this method because the fact that your session is active should be enough indication that the user is logged in.

If you want to show a list of logged in users use the lastActive field:

'SELECT username FROM user WHERE lastActive >= ' . ($now - 1200)

This assumes your lastActive field is of type INT with a UNIX timestamp in it, which I find is the best way to store dates.

[funbinod]

this means each time any user uses any page, the sessions are destroyed if the last active time is greater than d specified time? if so is it good to deal with other users' session?

 

again,

does using php sessions expire every time d browser closes and IF SYSTEM CRASHES also???

[Ingolme]

Yes, PHP sessions are guaranteed to expire as soon as the browser closes because they use a cookie that expires when the browser session is over. The cookie is on the client's computer, so you don't need to keep track of all the users, each user's browser uses the cookie to determine if the session is still open or not.

 

The last active time isn't really part of the session, it's just to keep a record of when the user was last online so that the program can tell people if it has been longer or shorter than 20 minutes since the user last visited. All the session data is handled by the PHP session system and not by the database.