I am trying to log out when session time expires. I used this code:
home.php
session_start();
require_once 'class.user.php';
$user_home = new USER();
if($user_home->isLoginSessionExpired()) {
header("Location:logout.php?session_expired=1");
}
if(!$user_home->is_logged_in())
{
$user_home->redirect($web);
}
class.user.php
public function isLoginSessionExpired() {
$login_session_duration = 10;
$current_time = time();
if(isset($_SESSION['loggedin_time']) and isset($_SESSION["userSession"])){
if(((time() - $_SESSION['loggedin_time']) > $login_session_duration)){
return true;
}
}
return false;
}
public function is_logged_in()
{
if(isset($_SESSION['userSession']))
{
return true;
}
}public function logout()
{
session_destroy();
$_SESSION['userSession'] = false;
}public function login($uname,$upass)
{
try
{
$stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE userName=:username");
$stmt->execute(array(":username"=>$uname));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1)
{
if($userRow['userStatus']=="Y")
{
if($userRow['userPass']==md5($upass))
{
$_SESSION['userSession'] = $userRow['userID'];
$_SESSION['user_name'] = $userRow['userName'];
return true;
}
else
{
header("Location: index.php?error");
exit;
}
}
else
{
header("Location: index.php?inactive");
exit;
}
}
else
{
header("Location: index.php?error");
exit;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
logout.php
<?php
session_start();
require_once 'class.user.php';
$user = new USER();
if(!$user->is_logged_in())
{
$user->redirect($web);
}
if($user->is_logged_in()!="")
{
$user->logout();
$user->redirect($web);
}
$url = $web;
if(isset($_GET["session_expired"])) {
$url .= "?session_expired=" . $_GET["session_expired"];
}
header("Location:$url");
?>
login.php
<?php
session_start();
require_once 'class.user.php';
$user_login = new USER();
if($user_login->is_logged_in()!="")
{
$user_login->redirect($web.$_SESSION['user_name']);
}
if(isset($_POST['btn-login']))
{
$uname = trim($_POST['txtuname']);
$upass = trim($_POST['txtupass']);
if($user_login->login($uname,$upass))
{
$user_login->redirect($uname);
}
}
?>
But my code is not working! How can I sort out my problem?
The problem in User
's logout()
method.
Since if you do $_SESSION['userSession'] = false;
the isset($_SESSION["userSession"])
will still give you true
. So in class.user.php it should be:
public function logout(){
session_destroy();
unset($_SESSION['userSession']);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.