发表新帖
发表新帖

Unset session after some time

前端 未结
关注
2 1559
逝去的感伤
逝去的感伤 2021-02-10 04:16

I am building a online ticket booking site . In this I am doing the following things : The user searches the bus with their seat numbers . The database is updated with the seat

相关标签:
2条回答
  • 独厮守ぢ
    2021-02-10 04:51

    Standard PHP sessions are stored in files. You could implement a simple shell script to find any session file which hasn't been touched in 10 minutes:

    find /path/to/session/dir/* -mmin -10

    grep can be used to find the session files which have a final_ticket_book='N' value stored in them:

    grep -l 's:17:"final_ticket_book";s:1:"N";'

    (the -l flags has grep spit out the names of the files which match).

    Combining the two gives you:

    find /path/to/session/dir -mmin -10|xargs grep -l 's:17:"final_ticket_book";s:1:"N";'|xargs rm -f
    0 讨论(0)
  • 闹比i
    2021-02-10 04:59

    Instead of doing a search for files (which involves more i/o ) etc, What is a session cookie: Session Cookie
    A better way is to store a time stamp of the 'most recent activity' in the $_SESSION variable.
    And updating the session data on every request (including the automated periodic ajax calls if any).

    Lets say you want to unset the session after 10 minutes,

    if (isset($_SESSION['most_recent_activity']) && 
    (time() -   $_SESSION['most_recent_activity'] > 600)) {

 //600 seconds = 10 minutes
 session_destroy();   
 session_unset();  

 }
 $_SESSION['most_recent_activity'] = time(); // the start of the session.

    To avoid attacks like Session fixation: (Session Fixation is an attack that permits an attacker to hijack a valid user session) keep regenerating the session id periodically say for 5 mins (I would suggest to keep the regeneration time as well as session expire time a bit more). A more elaborate list of attacks: attack list.

    if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
    } 
else if (time() - $_SESSION['CREATED'] > 600) {
    session_regenerate_id(true);    
    $_SESSION['CREATED'] = time();  
    }

    Also, make sure session.gc-maxlifetime is set to the maximum expire time you want to use. You can do this 

    ini_set('session.gc-maxlifetime', 600)


    Or Set it directly in your php.ini.

    and also

    session.cookie_lifetime :

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

    But, destroying the session must be taken care at the server-side and not the client-side. Setting the session.cookie_lifetime set to 0 would make the session’s cookie behave the way a session cookie should i.e. that a session cookie is only valid until the browser is closed.

    Although this method is a tad tedious, Its more elegant.

    Ah, found the link which I had read a long time ago! : How do I expire a PHP session after 30 minutes?

    0 讨论(0)
 看不清?
提交回复
热议问题