
What's a safe place to handle session renewal in PHP

I'm building a website where users can log in and do typical stuff on a website using PHP.

When users login they are given a session timer $_SESSION['LAST_ACTIVE'] = time();

I'd like to destroy that session after 30 min of inactivity. However, every time the logged-in user jumps from page to page in their 30 min session, their session time resets to 30 min.

This is all working perfectly. My question is, where is the safest place to put session renewals on a website? I am using CodeIgniter (it uses an MVC model) and I've placed it in the Views folder in a file named header.php. Could perpetrators manipulate it in any way and extend the session timer, even if a user was inactive, to hijack their accounts?

views > header.php

// Idle limit in seconds: 30 minutes, as described above
$idle_limit = 1800;

if (isset($_SESSION['LAST_ACTIVE']) && (time() - $_SESSION['LAST_ACTIVE'] >= $idle_limit))
{
    // Inactive for too long: end the session and send the user to the home page
    session_destroy();
    redirect('', 'refresh');
}
elseif (isset($_SESSION['LAST_ACTIVE']))
{
    // Still active: restart the inactivity timer
    $_SESSION['LAST_ACTIVE'] = time();
}

Thanks

You can put this code in the __construct method of your application's base controller.
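
A sketch of the base-controller placement suggested in the answer, added here as an example and not code from the original question or answer. It assumes CodeIgniter 3 conventions (a MY_Controller.php file in application/core, the session library and the url helper); the class constant IDLE_LIMIT and the helper is_idle_expired() are hypothetical names. Running the check in the constructor means an expired session is ended before any controller action executes, which a check in a view cannot guarantee because the view is rendered after the action has already run.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 3 layout, assumed)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // Idle limit in seconds: 30 minutes, as in the question.
    const IDLE_LIMIT = 1800;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // No timer means nobody is logged in on this session; nothing to renew.
        if ( ! isset($_SESSION['LAST_ACTIVE'])) {
            return;
        }

        if (self::is_idle_expired($_SESSION['LAST_ACTIVE'], time())) {
            // Expire the session before any action or view code runs.
            $this->session->sess_destroy();
            redirect('', 'refresh'); // redirect() ends the request
        }

        // The timer lives in server-side session data, so it only moves
        // when a request carrying a valid session cookie reaches this line.
        $_SESSION['LAST_ACTIVE'] = time();
    }

    // Hypothetical helper: true when the stored timestamp is missing,
    // malformed, or at least IDLE_LIMIT seconds old.
    public static function is_idle_expired($last_active, $now)
    {
        return ! is_int($last_active)
            || ($now - $last_active) >= self::IDLE_LIMIT;
    }
}
```

Controllers for pages that require a login then extend MY_Controller instead of CI_Controller.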
