I'm sorry I can't ask a question on the already answered question because I've just registered.
My issue is session expiry.
It's working fine and logging out after time set.
My issue is when not logged in and I revisit the site it then redirects to the logged out page. I'm pretty sure that this is having a negative effect on my seo.
This is the code I've used.
// ********************************* //
// ************ SESSIONS *********** //
// stops javascript from getting the session id. phpacademy
ini_set('session.cookie_httponly', true);
// Start the session:
session_start();
// http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 60 minutes ago
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
header('Location: logged-out.php');
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
// http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
// session started more than 30 minutes ago
session_regenerate_id(true); // change session ID for the current session an invalidate old session ID
$_SESSION['CREATED'] = time(); // update creation time
}
// stops them using proxy servers and other ip addresses.
if (isset($_SESSION['last_ip']) === false);{
$_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
}
if ($_SESSION['last_ip'] !== $_SERVER['REMOTE_ADDR']){
session_unset();
session_destroy();
}
// ************ SESSIONS *********** //
// ********************************* //
What can I do to stop being redirected to logged out when I'm already logged out???
I can see this is happening for others using statcounter and their visit page is the logged out one?
Please advise.
As specified in the php documentation about sessions, there is more to do to clean up/destroy a session than simply calling session_unset and session_destroy. To permanently delete a session you have to destroy the session cookie as well. To do that see here
And btw, calling session_unset after session_destroy does nothing, session_unset should be called before calling session_destroy because once you've destroyed the session the data associated with the current session will no longer be accessible(though it is still stored on your server and can be accessed again via the session cookie).