I am trying to stop users from being logged out too early in their session, which forces them to log back into the API. Ideally, I would like to prompt the user to log in again 4 hours after login.
The attached code shows what I have done so far to address this. The observed behavior is that as long as the user interacts with the API regularly (every 20-30 minutes or so), the user stays logged in. But if they are inactive, they get logged out.
What do I need to change to make sure my users are only fully logged out 4 hours after logging in?
My code:
Login:
<?php
ini_set("session.gc_maxlifetime", "14400");
ini_set("session.cookie_lifetime", "0");
session_set_cookie_params(14400);
session_start();
include("inc.php");
// Check that user sent login credentials.
if ((isset($_POST['username'])) and (isset($_POST['password']))) {
    $login = $_POST['username'];
    $pass = $_POST['password'];
} else {
    // Display error to user and stop; nothing below can run without credentials.
    echo "Credentials did not save. Please try again.";
    exit;
}
// Connect to the server and database.
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
    // Display error to user and stop.
    echo "There was a problem connecting to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
    exit;
}
// Grab data from table using provided creds.
if (!($sql = $conn->prepare("SELECT * FROM sched_users WHERE login = ? ORDER BY login LIMIT 1"))) {
    // Display error to user and stop.
    echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
    exit;
}
// Bind parameters for safe variable insertion.
if (!($sql->bind_param("s", $login))) {
    // Display error to user and stop.
    echo "Binding parameters failed: (" . $sql->errno . ") " . $sql->error;
    //echo json_encode("Binding parameters failed.");
    exit;
}
// Run statement.
if (!$sql->execute()) {
    // Display error to user and stop.
    echo "Execute failed: (" . $sql->errno . ") " . $sql->error;
    exit;
}
// Get result.
$res = $sql->get_result();
if ($res->num_rows === 0) {
    // Display error to user.
    echo "No user record found.";
} else if ($res->num_rows > 1) {
    // Display error to user.
    echo "Too many results returned.";
} else {
    $row = $res->fetch_array();
    // Check the entered password with the hashed password using PHP's password_verify(). Create session upon success.
    $hash = $row['password'];
    if (password_verify($pass, $hash)) {
        // Issue a fresh session ID on login so an ID set before authentication cannot be reused.
        session_regenerate_id(true);
        // Create session variables to use throughout scheduler.
        // Session array name removed from post for security.
        $_SESSION['my_session_name']['firstname'] = $row['firstname'];
        $_SESSION['my_session_name']['lastname'] = $row['lastname'];
        $_SESSION['my_session_name']['login'] = $row['login'];
        $_SESSION['my_session_name']['userid'] = $row['id'];
        $_SESSION['my_session_name']['email'] = $row['email'];
        $_SESSION['my_session_name']['phone'] = $row['phone'];
        $_SESSION['my_session_name']['company'] = $row['company'];
        $_SESSION['my_session_name']['department'] = $row['department'];
        $_SESSION['my_session_name']['admin'] = $row['admin'];
        $_SESSION['my_session_name']['statusflag'] = $row['statusflag'];
        $_SESSION['my_session_name']['revoked'] = $row['revoked'];
        $_SESSION['my_session_name']['start'] = time();
        // Set session to expire 4 hours (14400 seconds) after login.
        // time() already counts seconds, so the value is not multiplied by 60.
        $_SESSION['my_session_name']['expire'] = ($_SESSION['my_session_name']['start'] + 14400);
        // Redirect authenticated user to landing page and stop processing.
        header("Location: landing.php");
        exit;
    } else {
        // Display error to user.
        echo "The username or password does not match. Please try again.";
    }
}
// Close connection variables.
$sql->close();
$conn->close();
?>
Sample code that checks the session (reused on each page):
<?php
ini_set("session.gc_maxlifetime", "14400");
ini_set("session.cookie_lifetime", "0");
session_set_cookie_params(14400);
session_start();
if (isset($_SESSION['my_session_name']['firstname'])) {
    $cur_time = time();
    if ($cur_time > $_SESSION['my_session_name']['expire']) {
        // Absolute lifetime reached: clear the session data, destroy the session and stop.
        $_SESSION = array();
        session_destroy();
        echo 'Your session has expired! <a href="https://my.url/index.php">Log Back In</a>';
        exit;
    } else {
        $title = "Hi " . $_SESSION['my_session_name']['firstname'] . ". Please create a new user.";
        $firstname = $_SESSION['my_session_name']['firstname'];
        $lastname = $_SESSION['my_session_name']['lastname'];
        $login = $_SESSION['my_session_name']['login'];
        $userid = $_SESSION['my_session_name']['userid'];
        $email = $_SESSION['my_session_name']['email'];
        $phone = $_SESSION['my_session_name']['phone'];
        $company = $_SESSION['my_session_name']['company'];
        $department = $_SESSION['my_session_name']['department'];
    }
} else {
    // No authenticated session: destroy whatever exists and send the user to the login page.
    session_destroy();
    header("Location: https://my.url/index.php");
    exit;
}
?>
Any help is appreciated. Thanks!
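As an added example that is not part of the original post, here is check-side logic that keeps the post's approach (a start timestamp stored in the session) but expresses the limit in seconds and keeps the session files in a private directory, because some distributions (Debian-based ones, for instance) disable PHP's own garbage collector and sweep the default session directory from cron using the php.ini gc_maxlifetime value, which a runtime ini_set() does not change. The save path is hypothetical, and PHP 7.3 or later is assumed for the array form of session_set_cookie_params().

```php
<?php
// Added example, not the asker's code. Enforces the 4-hour limit from a start
// timestamp in the session, as the post does, with two changes: the limit is in
// seconds (14400, not 60 * 14400) and session files live in a private directory.
// The directory path is hypothetical; PHP 7.3+ is assumed.
const ABSOLUTE_LIFETIME = 14400; // 4 hours, in seconds

// A cron sweep of the default save path uses the php.ini gc_maxlifetime (often
// 1440 s) regardless of what this script sets at runtime. A private save path
// keeps this application's sessions out of that sweep.
ini_set('session.save_path', '/var/lib/php/myapp_sessions'); // must exist and be writable by PHP only
ini_set('session.gc_maxlifetime', (string) ABSOLUTE_LIFETIME);
ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
session_set_cookie_params([
    'lifetime' => 0,     // cookie ends with the browser; the server enforces the 4 hours
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/** Returns null while the session is valid, otherwise the reason it was ended. */
function validate_session(int $now): ?string
{
    $s = $_SESSION['my_session_name'] ?? null;
    if (!isset($s['start'], $s['login'])) {
        return 'no-session';
    }
    // Absolute expiry: measured from login, not from the last request, so
    // activity cannot extend it and inactivity cannot shorten it.
    if ($now - $s['start'] > ABSOLUTE_LIFETIME) {
        return 'absolute-expired';
    }
    return null;
}

$reason = validate_session(time());
if ($reason !== null) {
    // End the server-side session and the browser's cookie together.
    $_SESSION = [];
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
    header('Location: https://my.url/index.php?reason=' . $reason);
    exit;
}
// Session still valid: continue serving the page.
```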