Regarding to How do I expire a PHP session after 30 minutes?, I copied some code from the 2nd answer Simple way of PHP session expiry in 30 minutes. I'd like to combine login and information to 1 page and another page is logout.php here is my code.
homepage.php
if(isset($_POST["submitform"])){
$v1 = "admin";
$v2 = "admin";
$v3 = $_POST['username'];
$v4 = $_POST['password'];
if($v1 == $v3 && $v2 == $v4){
session_start();
$_SESSION['username'] = $v1;
$_SESSION['start'] = time(); // taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (1* 30) ; // ending a session in 30 seconds
if(!isset($_SESSION['username'])){
echo "Please Login again <a href='logout.php'>Click Here to Login</a>";
}else{
$now = time(); // checking the time now when home page starts
if($now > $_SESSION['expire']){
session_destroy();
echo "Your session has expire ! <a href='logout.php'>Click Here to Login</a>";
}else{
echo "This should be expired in 1 min <a href='logout.php'>Click Here to Login</a>";
}
}
}else{
echo '
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="submitform">Sign in</button>
</form>';
echo '<font color="red">wrong password</font>"';
}
}else{
echo '
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="submitform">Sign in</button>
</form>';
}
?>
Logout.php
<?php
session_start();
session_destroy();
header('Location: homepage.php');
?>
I set session expire to 30 seconds, however I found the session doesn't expire as expected. The session never expire. I am wondering if i put session_start(); in a right place? Thanks
You are only checking the status of the session on form post.
If you refresh the page it will resend the post, logging you in and extending the session.
Your logic needs to be:
if post, check password and extend session.
check if session has expired (this must happen if post there or not, makes no difference.)
based on the outcome of the session check display either a login form or the log out message.
if (isset($_POST["submitform"])) {
$v1 = "admin";
$v2 = "admin";
$v3 = $_POST['username'];
$v4 = $_POST['password'];
if ($v1 == $v3 && $v2 == $v4) {
session_start();
$_SESSION['username'] = $v1;
$_SESSION['start'] = time();
// taking now logged in time
$_SESSION['expire'] = $_SESSION['start'] + (1 * 30);
// ending a session in 30 seconds
} else {
echo '
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="submitform">Sign in</button>
</form>';
echo '<font color="red">wrong password</font>"';
die();
}
if (!isset($_SESSION['username'])) {
echo "Please Login";
echo '
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="submitform">Sign in</button>
</form>';
} else {
$now = time();
// checking the time now when home page starts
if ($now > $_SESSION['expire']) {
session_destroy();
echo "Your session has expired ! <a href='logout.php'>Click Here to Login</a>";
} else {
echo "This should be expired in 1 min <a href='logout.php'>Click Here to Login</a>";
}
}
session_start() needs to be the first line of code.
In addition, you could set the cookie to expire.
is that possible to have different sessions on the same page?
YES
So use
One user, one session. Period.
http://us3.php.net/manual/en/ref.session.php