before my problem was that my sessions were being terminated spontaneously. it looks
like i've managed to fix that problem - so far i haven't been randomly logged off my
application. the problem is, according to my php.ini settings, my session should have
been terminated after 2 hours, it's been almost 5 hours now...
my php.ini:
<snip>
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime =0
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability =100
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime =7200
</snip>
after making the above changes in my php.ini, it looks like the javascript timer i
have in the headers of my authenticated pages does not work anymore. this javascript
is supposed to popup a warning message at 18 minutes of inactivity, and at 20 minutes,
redirect the user to the logout page, which calls session_destroy().
the js looks like:
<snip>
<script language="JavaScript">
<!--
function timeout_2MinuteAlert()
{if(confirm('Warning: You are about to time out. As a security measure, we log you out
after 20 minutes of inactivity. You have been inactive for 18 minutes. Click "Ok"
within the next 2 minutes to continue with your application, otherwise you will be
logged out. If you are logged out, you will need to log in again to continue your
session.'))
{
history.go(0)
}
}
function timeout_FinalAlert()
{
if(confirm('Warning: You have timed out. As a security measure, you have been logged
out after 20 minutes of inactivity. Click "Ok" again to return to log in again to
continue your session.'))
{
history.go(0)
}
}
setTimeout('timeout_2MinuteAlert()', 1080000); // = 18 minutes
setTimeout('timeout_FinalAlert()', 1212000); // = 20 minutes
//-->
</snip>
what happens is that the javascript gets to the 18 minute warning, but never gets to
the 20 minute warning, the user is not redirected to the logout page. ideally, i would
like to have this work. i would like the user to be able to click around on the site
without their session expiring indefinitely, but at 18 minutes of inactivity, have
this javascript pop up a warning message, and at 20 mins of inactivity have them be
automatically redirected to the logout page and their session destroyed.
what am i doing wrong?
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
