如果用户没有在网站上进行任何类型的活动,我想破坏会话。 此时5个用户自动重定向索引页面。这怎么可能? 可以在php中进行会话处理,为此我必须维护或更新用户登录时间..
答案 0 :(得分:49)
非常简单:
if(time() - $_SESSION['timestamp'] > 900) { //subtract new timestamp from the old one
echo"<script>alert('15 Minutes over!');</script>";
unset($_SESSION['username'], $_SESSION['password'], $_SESSION['timestamp']);
$_SESSION['logged_in'] = false;
header("Location: " . index.php); //redirect to index.php
exit;
} else {
$_SESSION['timestamp'] = time(); //set new timestamp
}
答案 1 :(得分:9)
我从Sitepoint.com获得了此解决方案 在您的html中使用简单的元标记
<meta http-equiv="refresh" content="900;url=logout.php" />
900是您希望会话不活动时终止的时间(以秒为单位)。
希望它对您有用
答案 2 :(得分:0)
我的解决方案是 (我给你解决方案,但这个简单和语法没有尝试过)
checkerOrCreatorTime.php
<?php
//if using the session, this additional advice me
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
session_start();
//create session (JUST FOR ONE TIME)
if (!isset($_SESSION['THE SESSION KEY FOR LOGIN (EX. USERNAME)'])){
//create anyting session you need
$_SESSION['user']['THE SESSION KEY FOR LOGIN (EX. USERNAME)'] = 'USER';
$_SESSION['user']['TIME'] = '900';
}else
if (time() -$_SESSION['TIME'] > 900){
unset($_SESSION['user']);
// and whatever your decision
}
?>
常见问题:
1. Why use ['user'] is session login?
if you using many session for user, you just unset one var, like this.
2. why use a ini_set.... in this syntax?
for more security
如果您喜欢使用现代网络,只需使用javascript for ajax
答案 3 :(得分:0)
session_start();
$t=time();
if (isset($_SESSION['logged']) && ($t - $_SESSION['logged'] > 900)) {
session_destroy();
session_unset();
header('location: index.php');
}else {$_SESSION['logged'] = time();}
答案 4 :(得分:0)
<form action="index.php" method="post" name="frm"><input name="uname" type="text" placeholder="User Name" />
<input name="pass" type="password" placeholder="Password" />
<input name="submit" type="submit" value="submit" /></form>
In index.php
<?php if(isset($_SESSION['loggedAt'])) { header('dashboard.php'); }
if(isset($_POST['submit'])) { $name=$_POST['uname']; $pass=$_POST['pass'];
if($name=="admin" &amp;amp;&amp;amp; $pass=="1234") {
session_Start(); $_SESSION['username']=$name; $_SESSION['loggedAt']=time(); header('location:dashboard.php?msg=Welcome to dashboard'); } } ?>
in dashboard.php
if(time() - $_SESSION['loggedAt'] > 240) {
echo"<script>alert('Your are logged out');</script>";
unset($_SESSION['username'], $_SESSION['loggedAt']);
header("Location: " . index.php);
exit;
} else {
$_SESSION['loggedAt'] = time();
}
答案 5 :(得分:0)
此代码包含在connection.php中,以确保该代码包含在任何页面中,但您可以在所需的任何页面上实现
if (isset($_SESSION['user-session']) OR isset($_SESSION['admin-session']) ) {
//then we are checking the activity sesssion $_SESSION['']
if (isset($_SESSION['last_active'])) {
//if the time is set then we check the difference
$max_time=5*60; #number of seconds
$now=microtime(date("H:i:s"));
//Checking the last active and now difference in seconds
$diff=round(microtime(date("H:i:s"))- $_SESSION['last_active']); #the difference of time
if ($diff>=$max_time) { #if the difference is greater than the allowed time!
//echo "logging out couse the time is".$diff;
header("location:logout.php");
}else {
$time=microtime(date("H:i:s"));
$_SESSION['last_active']=$time; #Updating the time
//echo 'More time added the time was!'.$diff;
}
}else{
//if there is no last active then we create it over here
$time=microtime(date("H:i:s"));
$_SESSION['last_active']=$time;
}}
答案 6 :(得分:0)
使用.htaccess的简单解决方案
将以下几行添加到您的.htaccess文件中,其中3600是秒数。 与活动或不活动无关的会话将在一段时间后自动销毁。
根据以下代码会话,一小时后将被销毁。
php_value session.gc_maxlifetime 3600
php_value session.gc_probability 1
php_value session.gc_divisor 1
答案 7 :(得分:0)
您可以创建特定时间的Cookie。 例如,您可以将其放在登录页面上:
<?php
setcookie('admin', 'abc', time()+50);
?>
然后在每个页面中包含的某些文件部分(例如“ header.php”)中,您可以包括:
<?php
if (!isset($_COOKIE['admin'])) {
echo "<script> location.href='logout.php'; </script>";
}
setcookie('admin', 'abc', time()+50);
?>
在上面的示例中,cookie消失了50秒钟,用户将自动注销。