i wrote a Website in PHP with user authentification. I used sessions for this. When a user logs in, a flag in a database is set and when he logs out this flag is reseted. This prevents that one user can login multiple times into the Website.
All works fine, but when the user forgets to logout, the session become invalid after a time. When the user now tries to relogin, he will be prevented from login, because the flag is still set.
I need a handler/function that will be invoked, when the session becomes invalid/destroyed. How can i do this?
I know that there is a function called session_set_save_handler but i only need the destroy function. Don't need the other functions and can i access the $_SESSION variables in that function ? Because in this variable the userid is saved, whose flag need to be reseted.
Thanks for help.
Since PHP has no process that can check your sessions in the background you have to use a cron job to check your stale sessions or else a function that is called any time anyone accesses the site that resets all stale sessions. Neither is ideal.
Rather than worry about a cron job why not just check the session at login time? Instead of a simple flag use a DATETIME field that you can check for staleness. Call the field something like "last_accessed" and update it to NOW() any time a user does anything on the system. Then when they go to log in from another browser if "last_accessed" < 10 minutes or whatever timeout interval you decide on, don't allow the login, but if it is past that timeout allow the login and refresh the timestamp.