Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Oracle
New Member
New Member


Joined: Oct 19, 2003
Posts: 5

PostPosted: Mon Oct 20, 2003 11:49 pm Reply with quote

Hello,

Is there anyone know if it's possible to enable session timeout at a certain amount of time, or after the user closed the web broswer, he/she will need to re-login again?

I found that it is pretty unsafe to have a registered user login who doesn't aware that their account will be used by the next person who opened up the browser from the same computer.

Is there any way to get around it?

Thanks for any advice!

Cheers! Smile
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Oct 21, 2003 7:27 am Reply with quote

This has been hotly debated many times Laughing It certainly can be done, but consider how irritating it can be when typing in a lengthly article, news post, story, etc. and you press Submit and BANG! You've timed out and possibly lost everything you typed. It's happened to me many times and I hate it! And not all users even close their browsers it still comes back to the inus is on the USER. The system can't do everything. I understand your issue especially if it is a shared PC. There have been no good solutions presented that I know of.
 
View user's profile Send private message
Frogger
Worker
Worker


Joined: Oct 06, 2003
Posts: 108

PostPosted: Tue Oct 21, 2003 7:52 am Reply with quote

I used to find this irritating, but like in other things have more important issues to worry with.

When I log out (of admin especially), I make sure I'm logged out.
 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger ICQ Number
Oracle
PostPosted: Tue Oct 21, 2003 1:54 pm Reply with quote

I hear ya.. that's very true ... but is it possible to enable session timeout at least with a longer hour? Like 2 hours or so? I don't think there is anyone will write an essay or thesis on my site Wink

I just don't want to have someone else using someone else's account. Smile

Cheers!
 
Raven
PostPosted: Tue Nov 04, 2003 2:38 pm Reply with quote

And you think I just forget about these dangling conversations Laughing

Try this one on for size. In header.php find this code
Code:
if (eregi("header.php",$_SERVER['PHP_SELF'])) {

    Header("Location: index.php");
    die();
}
and modify it to
Code:
if (eregi("header.php",$_SERVER['PHP_SELF'])) {

    Header("Location: index.php");
    die();
}
echo "<meta http-equiv=\"REFRESH\" content=\"30; URL=account-logout.html\">";

The 30 is for 30 seconds in my example to demonstrate how it works. You could also hide the URL content in another file and call that file instead and issue the same command, kind of hiding it. You might also place it in includes/my_header.php instead of header.php too.

Understand that the browser window MUST be open for this to work. It is not a failsafe all-in-all solution.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©