Hi there,

I'm so confused at the moment. I'm trying to figure out how to end a users php session on my server based upon the time they have been logged in.

So what I've got:

When users sign in, there session_id and last_activity time are recorded in a mysql table. Everytime the user requests a page there last_activity time is udpated to the current time. So I have a script that is run that checks the current time against the last_activity time of all the users in the table (so all the users signed in).

So this script that runs I want it to end the sessions if there last activity time is longer than 60 minutes. How do I do this? I figured I would do something as simple as:

session_end($sid);

But I can't seem to find anything like that. Could someone please shed some light on what I'm tyring to do. I know zillions of forums out there do this dont they?

Hi,
I think that it is possible (havent tried it though) to do what you want, but I think that the logic should be reversed (more on this later ).

If you want to erase a particular session (that is, eliminate all the content of the _SESSION array) you could set the id of the session (since you have it), set it in the _COOKIE array (you should check which one is the correct key, I think it is PHPSESSID but I am sleepy and dont remember hehehe) then start the session, and finally destroy it. It would be something like this:

I think that (now that I have just read a bit) there is a function called session_id which you can use to set the current session ID. This I have not tried, but it makes sense to me:

Which I like better if it works


But given the pasive nature of web programming, you could implement what you want in two ways:

1) Setting the SESSION cookie to expire after 60 minutes. This will make the cookie to be lost and would end up the session.

2) When the user request a webpage, you have to check its session (you are doing this now). Within this check you can add another condition where it compares the current time with the last activity time you have saved in your database. If it doesnt fullfill this condition, you just erase his session and send him to the login page.


You can probably can do both (number 1 is very dumb) but number 2 is the one I like the most, since it gets nicely with the pasive nature of web development. But if the solution of destroy the session works, then I believe it would be easy to implement for your particular project, since you have done most of the work already


Well, I hope this is useful.
Cheers!

Well, you don't really need to store session id in database at all. You can setup the expiration of the session using the php.ini variables. However, if you're looking to do an "online now" type of thing, you can store the session_id in the database and then update as you mentioned above. Something like "DELETE FROM SESSION WHERE last_activity < NOW() - INTERVAL 2 HOUR" or whatever to cleanup the database to reflect close to the actual session expiration.

Ooh, Thank you so much! I didn't know I could make the script assume a session id that has already been implemented. I didn't know they worked that way.

I could make a Cookie that just expires in 60 minutes, but then I have to write a script that updates the last activity time for the cookie everytime they move around the pages. And I've already done that with the database. And then i'd have to some check thing to see if their cookie is still set and if its not then delete record in the database.

So yeh, I agree number 2 it is! And yes, session_id() works. Its what I'm using right now. Thank you so much!

+10!!!

Can I set in the PHP.ini for the Session to Expire only after they've stopped doing site activity? Is that how it works?