[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2061
  • Last Modified:

Idle timeout in Apache/php

Hi experts,
How should i implement the idle timeout functionality in my php pages. I want to set a centralized idle timeout setting. Instead of setting it in all php pages, is there any way i can do it in a centralized manner. The php pages are deployed in apache server.
I want the idle time out to be set as 30min.

Thanks
0
sandhya01
Asked:
sandhya01
  • 5
  • 3
2 Solutions
 
Ray PaseurCommented:
What do you want to make happen after the 30 minutes?
0
 
sandhya01Author Commented:
I want it to get redirected to my logout.php page.

Is there something that can be done in .htaccess or php.ini file, as i am interested in providing a centralized idle time out setting.
0
 
Ray PaseurCommented:
Makes sense.  How about this for a 30-minute timeout?  I have not tested it, so beware of my ever-present typos.  The theory is sound. ;-)

A usual component of a "logout" is to eliminate the client's session.  In a moment I will post an example script for that purpose.
<?php 
// CHANGE THE SESSION TIMEOUT VALUE
// 60*60 * 8 = 8 HOURS
// STORE THIS VALUE IN A VARIABLE SO IT IS EASY TO CHANGE AND TEST
$my_timeout_value = 60*30; // 30 MINUTES
 
// SET THE LIFETIME IN THE SCRIPT (OR USE PHP.INI)
ini_set('session.gc_maxlifetime', $my_timeout_value);
 
// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// OUR GOAL IS A DOMAIN NAME THAT STARTS WITH DOT AND OMITS WWW OR OTHER SUBDOMAINS.
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
if (!is_array($x)) // MAYBE 'localhost'?
{
   $host = $x;
} else // SOMETHING LIKE 'www2.atf70.whitehouse.com'?
{
// USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
   $y    = count($x);
   $host = '.' . $x[$y-2] . '.' . $x[$y-1];
}
 
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
   setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}
 
// OTHER THINGS MAY GO HERE, AND... 
// WHEN WE WRITE THE HTML WE INCLUDE THIS INSTRUCTION TO THE BROWSER
echo "\n<meta http-equiv=\"refresh\" content=\"$my_timeout_value;url=/logout.php\" />\n";

Open in new window

0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
Ray PaseurCommented:
Here is how to handle the logout portion of the process.

HTH, ~Ray
<?php // RAY_logout.php
error_reporting(E_ALL);
 
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
$cookie_expires	= time() - date('Z') - COOKIE_LIFE;
 
// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();
 
// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}
 
// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
 
// CLEAR ALL COOKIES WITH THIS CODE
foreach ($_COOKIE as $key => $value)
{
   setcookie($key, '', $cookie_expires, '/');
}
 
// OPTIONAL BUT MAYBE A GOOD IDEA - REDIRECT TO THE HOME PAGE
header("Location: /");
exit;
?>

Open in new window

0
 
sandhya01Author Commented:
Hi
I have created a logout.php page seperately, that handles all my session related variables and cookies.
so by including this in all the page:

$logout_url = 'http://'.$_SERVER['HTTP_HOST'].'/logout.php';
header( "refresh: 1800; url=$logout_url");

I am able to provide the idle time out feature in my php pages.

What you all think of the above code, is it fine to do like this/

Thanks

0
 
Ray PaseurCommented:
I think that would work.  It does the same thing as the <meta> tag - tells the browser to start a clock and where to go when the clock expires.

Either way, meta or header, the refresh IS GOING TO OCCUR when the clock expires, even if the cleint is still typing.  

Best regard, ~Ray
0
 
sandhya01Author Commented:
The answer were good but I had a better solultion to the questions, which even was accepted by the Experts. Even though, I express thanks to everyone who tried to help me.

Thanks
0
 
Ray PaseurCommented:
sandhya01: For the benefit of others, would you please post your solution?  Thanks. ~Ray
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now