
Check by id if a session exists, without renewing the session's lifetime

I'm working in a RIA. We use Memcached to store sessions, and I've installed http://pecl.php.net/package/memcache and my PHP session handler looks like this:

$session_save_path = "tcp://$host:$port?persistent=1&weight=2&timeout=2&retry_interval=10,  ,tcp://$host:$port  ";
ini_set('session.save_handler', 'memcache');
ini_set('session.save_path', $session_save_path);

The session timeout is set to 30min. In my RIA I want to periodically call a serverside script via AJAX to check if the visitor's session is still alive. If the AJAX call returns false I black out the screen and show a pretty relogbox to continue the session.

Now the problem is with the serverside script. I need to determine if the session exists without extending the lifetime of the session if it does exist.

I'm not completely knowledgeable about the workings of the session handler, but I'm pretty sure if I would do this:

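<?php
session_start();
// isset() avoids an undefined-index notice when no login flag is stored
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == "yes")
    echo "true";
else
    echo "false";
?>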

I'm pretty sure this would renew the session's lifetime (on the serverside, but also on the clientside by sending a new cookie back to the client). And the session would exist indefinitely.

Some options I considered, but excluded:

  • Don't do any serverside calls, but use a javascript timer on the client (expires after 30min for example). This won't work when the user has the RIA open in multiple windows
  • Try to hack around the session_start() to prevent it from sending a new fresh cookie back to the client. This might work for the clientside, but the expiration time would still be refreshed at the internal session_handling.

I'd like some ideas, T.i.a.

Kwaak asked Dec 04 '25 15:12


1 Answer

You don't have to equate the session timeout with the authorization timeout. I would suggest storing an extra variable in the session, a timestamp of when the user logged in. Then you can consider that the user logged out if the session doesn't exist or the timestamp is too old. As a side effect it will also give you extra precision because the session is not guaranteed to expire exactly when you've set it, but may linger around for a while longer until the garbage collection runs.

As a matter of fact I'd suggest you wrap this functionality in a simple class and do something like this:

$acl->logIn($username); //set the user as logged in
$acl->isLoggedIn($username); //Is he still logged in?

etc, etc

Manos Dilaverakis answered Dec 07 '25 04:12
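
One way to build the class the answer describes, as an added example that is not the answerer's own code. The class name Acl, the session key, the touch() method (which turns the login timestamp into a last-activity timestamp), the 1800-second limit and the use of session_start()'s read_and_close option (PHP 7.0+) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (PHP 7.1+): login state carries its own timestamp, so the
// polling endpoint can read it without counting as user activity.
final class Acl
{
    private const KEY = 'acl';   // hypothetical session key
    private $maxIdle;

    public function __construct(int $maxIdle = 1800) // 30 min, from the question
    {
        $this->maxIdle = $maxIdle;
    }

    // Call once credentials are verified; assumes a normally started session.
    public function logIn(string $username): void
    {
        session_regenerate_id(true); // fresh id on login (session fixation defence)
        $_SESSION[self::KEY] = ['user' => $username, 'seen' => time()];
    }

    // Call on real user requests only, never from the polling endpoint.
    public function touch(): void
    {
        if ($this->isLoggedIn()) {
            $_SESSION[self::KEY]['seen'] = time();
        }
    }

    // Pure read: the timestamp is compared, never updated.
    public function isLoggedIn(?string $username = null): bool
    {
        $state = $_SESSION[self::KEY] ?? null;
        if (!is_array($state) || !isset($state['user'], $state['seen'])) {
            return false;
        }
        if ($username !== null && $state['user'] !== $username) {
            return false;
        }
        return time() - (int) $state['seen'] <= $this->maxIdle;
    }
}

// Polling endpoint: read the session data and close the session immediately.
session_start(['read_and_close' => true]);
header('Content-Type: application/json');
echo json_encode((new Acl())->isLoggedIn());
```

Keep the session store's lifetime somewhat longer than the idle limit so that the timestamp, not the store's expiry, decides when the user counts as logged out.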


