Richard Korts
asked on
php Session timeout warning
We have an app whereby the session times out after a predetermined time; each client can set their own time.
How can I determine when "time is running out" (for example, maybe 75% or 80% of the timeout has passed).
I am managing this "manually" as follows:
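if ($_SESSION['tout'] != 0) {
    // Seconds since the session was last used
    $tdiff = time() - $_SESSION['alast_used'];
    if ($tdiff > $_SESSION['tout']) {
        session_destroy();
        header("Location: index.php");
        exit; // stop here so the rest of the page does not run after the redirect
    }
}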
$_SESSION['tout'] contains the time allowed & is set (from a database) when the user logs in.
Each program has the code above. $_SESSION['alast_used'] is set to the current time at login.
The obvious problem with this approach is when the timeout occurs, they are "logged out" & returned to the login page with no message, etc.
I can see how to do a message but I don't know how to determine when it's 75% of the way there.
I know banks do this.
How can I?
Thanks
Great!
Thanks for the points, ~Ray
I know this question is closed but I felt it worth adding my 2c worth.
My personal preference is not to poll the server. Rather on page load put a javascript call to setTimeout with a value that will be enough to give the person warning the session is about to expire. So if the session is 10 min long then
setTimeout("warn_user()", 600000);
Function warn_user can then be an alert or a custom popup - with a custom popup you can put a countdown to give the person time to make the click.
You mentioned banks - here is how my bank does it.
var session_duration=270000;
function resetTimer(){
    setTimeout("showWarning()", session_duration);
}
function showWarning(){
    warningWin = window.open(count_down_URL,"warningWin","menubar=no,location=no,resizable=no,scrollbars=no,status=no,width=200,height=200");
}
The above code pops a window with a 30 second countdown. Session timeout is 5 min - the window pops after 4.5 min and gives 30 seconds to respond.
The argument for polling is that server and client clocks might be inconsistent relative to each other. However, if this is the case then it will be in milliseconds not seconds.
The above should be more than adequate for the purposes you have described.
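An added example, not part of the original posts: one way to derive the warning delay from the per-client timeout instead of hard-coding it, so the notice fires at 75% of whatever $_SESSION['tout'] holds. The function names are hypothetical, and it assumes the server renders tout, alast_used and its own time() into the page; the PHP check in the question stays the authority on expiry, and this timer is only the notice.

```javascript
// Added example. warningSchedule and armSessionWarning are hypothetical names.
// tout and lastUsed mirror $_SESSION['tout'] and $_SESSION['alast_used'] (seconds).
// now should be the server's time() at render, so the client clock is never compared
// against a server timestamp; the timers then only measure elapsed time locally.

// Returns the delays (ms from page load) until the warning and until expiry,
// or null when tout is 0, which the question's code treats as "no timeout".
function warningSchedule(tout, lastUsed, now, fraction = 0.75) {
  if (!Number.isFinite(tout) || tout <= 0) return null;
  if (!(fraction > 0 && fraction < 1)) {
    throw new RangeError("fraction must be between 0 and 1");
  }
  const elapsed = Math.max(0, now - lastUsed);
  return {
    warnInMs: Math.max(0, tout * fraction - elapsed) * 1000,
    expireInMs: Math.max(0, tout - elapsed) * 1000,
    // Same comparison as the server side: $tdiff > $_SESSION['tout']
    alreadyExpired: elapsed > tout,
  };
}

// Arms both timers and returns a function that cancels them.
// Callbacks are passed as function references, not strings, so nothing is eval'd.
// timers is injectable so the logic can be exercised without waiting in real time.
function armSessionWarning(schedule, onWarn, onExpire, timers = globalThis) {
  if (schedule === null) return () => {};
  if (schedule.alreadyExpired) {
    onExpire();
    return () => {};
  }
  // Seconds the user has left when the warning appears (drives the countdown).
  const secondsLeft = Math.round((schedule.expireInMs - schedule.warnInMs) / 1000);
  const warnId = timers.setTimeout(() => onWarn(secondsLeft), schedule.warnInMs);
  const expireId = timers.setTimeout(onExpire, schedule.expireInMs);
  return () => {
    timers.clearTimeout(warnId);
    timers.clearTimeout(expireId);
  };
}

// Typical use in the page (values below are constructed, 10 minute session):
//   const cancel = armSessionWarning(
//     warningSchedule(600, 1700000000, 1700000000),
//     (secs) => showCountdown(secs),                 // hypothetical UI function
//     () => { window.location = "index.php"; });
```

Whatever the browser shows, the next request still goes through the server-side check, so a user who disables or edits the script gains no extra session time.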
ASKER
To julianH
Thanks; that's essentially exactly what I did.
It occurred to me BEFORE Ray answered that it HAS to be on the client side because the server cannot know until a request is made.
I was always fascinated from the beginning of the web about the "stateless" way that it works. It was obvious to me from the outset that that was the ONLY way it could work and do what it does; billions of transactions every second.
ASKER
I built a test using JavaScript with a set timer, etc.
Works good.