View Full Version : Session expiration?

08-27-2005, 04:52 PM
Ok, question.

On server side you can create a session expiration so that when people are idol too long it will kick them out of the site.

My question is, can you do that in html using meta tags?

I was not sure if that was possible.


Green Beast
08-27-2005, 05:30 PM
Yes. A short term session cookie will do just that.

08-27-2005, 05:33 PM
I have the same problem and how do you do that using
A short term session cookie ...

Green Beast
08-27-2005, 06:16 PM
It performs automatically if you use a session cookie instead of a perpetual long-term cookie. I think it stays active for thirty minutes. Something like this should work for you.

// here is where the session info is stored
// session begins at login
session_start(); // start
// List users
$_Users = array(
'User3', );
// List passwords
$_Passwords = array(
'password3', );

// confirms "Loggedin"
if (isset($_POST['Submitted']) && $_POST['Submitted'] == "True") {
if (in_array($_POST['Users'],$_Users) && in_array($_POST['Passwords'],$_Passwords)) {
$_SESSION['Loggedin'] = "True";
$_SESSION['Users'] = $_POST['Users'];
// this is where you want to redirect
// upon logout or expiration
// I used login.php as a page
if (@$_SESSION['Loggedin'] != "True") {
header ('Location: login.php');
// unset session, manual logout
if (isset($_GET['mode']) && $_GET['mode'] == "logout") {
header ('Location: '.$_SERVER['PHP_SELF']);

This doesn't include the login form or logout link itself, nor does it show the session info on each secure page (gloabl header for site wide) but it's pretty complete albeit fairly simplistic. Hopefully I didn't mess it up. I'm pretty new to PHP.


EDIT: Warning, this allows cross users. Users and passwords being interchangeable. To avoid that you'd need different sessions, probably based on user info. However, this does require a perfect match of BOTH users and Passwords to begin the session (login).

08-27-2005, 06:28 PM
Thanks :thumbsup:

08-28-2005, 06:29 PM
Wouldn't that be server side though? Or is that still a client side code?

Green Beast
08-28-2005, 06:52 PM
That would be server side. If can be partially client side by changing the header redirect to a meta refresh/redirect, but that be be disabled right in the browser. Keeping the whole thing server side ensures that when the session is over the user go back to the login page.

What's the application in this case? What are you trying to do?


08-29-2005, 03:33 PM
All I want to happen, is if the user waits more than 3 mins. the page refreshes. Is there a meta code or any kind of code that will do that? If so, what is it?

Green Beast
08-29-2005, 04:05 PM
Ah, I see. Will something like this work? It won't refresh on inactivity, but it should refresh the page if someones on it. I guess it would be helpful to learn more about the application.

<!-- Can be disabled by disabling JS -->
<script type="text/javascript">
function refreshPage() {
// -->
<body onLoad="setTimeout('refreshPage()',180000)">

<!-- I think this is right... 180000 = 3mins... *I think* -->



<!-- Can be disabled by removed meta refresh in security -->
<meta http-equiv="refresh" content="30">

Then there is the basic PHP redirect (included as a part of that other script). That would likely be best, just have to remove the logout portion and target the page their on upoin refresh instead of sending them back to the login.


08-30-2005, 02:31 PM
Hey thank you!