I have two PHP pages: users-authentication.php and session.php. The page users-authentication.php is a PHP page that contains HTML code and is to be displayed in a web browser, whereas session.php is to be run on the back end and is not displayable.
The page users-authentication.php calls session.php as shown below. For simplicity, most of the code for users-authentication.php is not shown, but all of the code for session.php is shown below.
If the page users-authentication.php is closed and then I open a new web page and go to users-authentication.php again, it asks for a username and password. This works.
If I do not close the page and wait for 15 minutes or more and then click on a certain part of the users-authentication.php web page, it still lets me click on it. Instead, it should have directed me to the index.py page because the timeout was set for 15 minutes.
//////////////////////////////////////////////////////////////////////
Code:
//users-authentication page
<?php
//users-authentication.php
//The page session.php is below
@require( "session.php" ) ;
// Ensure we have a proper session.
// The function below resided within session.php
checkSessionCookies( ) ;
?>
////////////////////////////////////////
<?php
// session.php page
// Session handling/management functions for logging in.

// Set session timeout here for 15 minutes
$_LIFETIME_ = time() + ( 15 * 60 ) ;
@session_set_cookie_params( $_LIFETIME_ ) ;
// Note: Defaults to ending when browser is closed.

function checkSessionCookies( )
{
    global $HTTP_COOKIE_VARS ;
    global $HTTP_SERVER_VARS ;

    if( !strlen( $HTTP_COOKIE_VARS['USERNAME'] ))
    {
        // Not logged in; redirect.
        Header( "Location: index.py" ) ;
        exit ;
    }

    global $HTTP_SESSION_VARS ;
    $HTTP_SESSION_VARS['userid'] = $HTTP_COOKIE_VARS['USERNAME'] ;

    // Compare the stored user id (a local $userid is never set in this function).
    if( !strcmp( $HTTP_SESSION_VARS['userid'], "admin" ))
        return 2 ;
    else
        return 1 ;
}
?>
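
An added example, not part of the original post: a server-side idle timeout, which does not rely on the browser discarding a cookie and takes the user id from session data rather than from a client-supplied USERNAME cookie. It assumes PHP 7.3 or later and a login page that stores `$_SESSION['userid']` and `$_SESSION['last_activity']`; those key names and the `IDLE_LIMIT`, `sessionIsExpired()` and `checkSession()` names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ and a login page
// that sets $_SESSION['userid'] and $_SESSION['last_activity'] (assumed keys).

const IDLE_LIMIT = 15 * 60; // seconds of inactivity allowed

// Pure check, so the timeout rule can be exercised without a live session.
function sessionIsExpired(array $session, int $now, int $idleLimit = IDLE_LIMIT): bool
{
    if (empty($session['userid']) || !isset($session['last_activity'])) {
        return true; // never logged in, or session data missing
    }
    return ($now - (int) $session['last_activity']) > $idleLimit;
}

function checkSession(): int
{
    // 'lifetime' is a duration in seconds, not a timestamp such as
    // time() + 900; 0 keeps the cookie until the browser is closed.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'httponly' => true,   // keep the session id away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();

    if (sessionIsExpired($_SESSION, time())) {
        // Drop the server-side state so the old session id is useless.
        $_SESSION = [];
        session_destroy();
        header('Location: index.py');
        exit;
    }

    // Sliding window: each authenticated request restarts the 15 minutes.
    $_SESSION['last_activity'] = time();

    return $_SESSION['userid'] === 'admin' ? 2 : 1;
}
```

The expiry decision is made on the server at every request, so a page left open for more than 15 minutes is redirected on the next click regardless of what cookie the browser still holds.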