0

I'm trying to time out the session if the user doesn't use the site.. I've seen on the internet this function being used by others: 

ini_set('session.gc_maxlifetime', 10);

I've put this function in my code but nothing happens. Doesn't timeout and I have no errors. What am I doing wrong?

Here's the code I've put it in:

<?php 
ini_set('session.gc_maxlifetime', 10);
session_start();
ob_start();
include("dbinfo.inc.php"); 

$comm=@mysql_connect($host,$username,$password);
$rs=@mysql_select_db($database) or die( "Unable to select database"); 

// username and password sent from form 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM login WHERE username='$myusername' and password=sha1('$mypassword')";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "home.html" if successful
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword; 
header("Location:home.php");
}
?>
Lloyd
  • 435
  • 3
  • 12
  • 29
  • Please check http://stackoverflow.com/questions/3428153/php-ini-setsession-gc-maxlifetime-5-why-it-doesnt-end-the-session – mesutozer Mar 29 '14 at 17:12
  • I've seen that post already and tried to implement the solution in my code but having no luck :/ – Lloyd Mar 29 '14 at 17:15
  • In fact it is not a solution. It explains why setting `session.gc_maxlifetime` in your script would not work. – mesutozer Mar 29 '14 at 17:17
  • ah yeah your right.. I'm not sure what else to use to timeout a session :/ – Lloyd Mar 29 '14 at 17:19
  • You can still use session.gc_maxlifetime. But you need to set it's value in php.ini or .htaccess file. Be aware that this will expire sessions even if they are active. If you need to timeout idle sessions, that is a different story. – mesutozer Mar 29 '14 at 17:21
  • I've just googled how to do it but I'm not sure how it will fit in with my code. I have an if statement above each page checking if session is set or not.. I don't know how I'll get that and session timeout working together – Lloyd Mar 29 '14 at 17:26
  • In order to calculate session timeout, you have to have session started. So it should not be a problem – mesutozer Mar 29 '14 at 17:27
  • yeah your right, only problem is I'm a beginner with HTML and PHP. I don't really know where to start – Lloyd Mar 29 '14 at 17:29
  • how would I start coding this? been trying a couple of ways but having no luck :/ – Lloyd Mar 29 '14 at 17:44
  • I found a good answer, hope it helps: http://stackoverflow.com/questions/3453831/how-to-logout-session-if-user-idle-in-php – mesutozer Mar 29 '14 at 17:45
  • I haven't got that problem working yet.. but can I ask you another question I've got.. I'm thinking of having the website use HTTPS instead of HTTP. How would I go about doing this? Thanks. – Lloyd Mar 29 '14 at 20:16
  • I would try to help but I believe this has no end.. Why don't you google for "https on apache (including your OS like centos/ubuntu may help finding easiest tutorial)". This textarea, my English, my time not enough to express what those tutorials have.. sorry – mesutozer Mar 29 '14 at 20:27

1 Answers1

0
    <?php 
    session_start();

    include("dbinfo.inc.php"); 

    if(empty($_SESSION['username'] )){

    echo "Please login.Time out";


    }
underscore
  • 6,495
  • 6
  • 39
  • 78