[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-windows
Subject:    [PHP-WIN] Session Timeout and forwarding the user to the page he was on.
From:       Vinay Kannan <vinykan () gmail ! com>
Date:       2012-03-23 14:37:09
Message-ID: CANSHHpmwv-RH4NR3pXT1V3P--S6USvgeWjfcH5DDrbBjCsfjdw () mail ! gmail ! com
[Download RAW message or body]


Hi,

I have a small code for auto session time out, which logs out a user upon a
session timeout, i want to get him back to the page he was on, before the
session time out..


<?php
ob_start();
session_start();
if(!isset($_SESSION['username']))
{
header("Location:index.php");
}
$vinkuser=$_SESSION['username'];
//echo $vinkuser;
//echo $_SERVER['start']; // set timeout period in seconds
$inactive = 100; // check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) )
{
 $session_life = time() - $_SESSION['timeout'];
  if($session_life > $inactive)
{
$go=$_SERVER['HTTP_REFERER'];
 session_destroy();
 header("Location:index.php?go=$go");
 }
}
$_SESSION['timeout'] = time();
?>

But once the user is logged out by script after inactivity, he has to login
and then he goes back to the home page, i want to send the user back to the
page he was last accessing from which he got logged out.

I tried to use a $go variable and then from login page, send him to that
page, but now i am thinking this might not be a secure way of doing it,
since someone could just replace the location url and gain access to the
username and pswd?



Thanks,
Vinay


[prev in list] [next in list] [prev in thread] [next in thread]