FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » session handler auto log out
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: session handler auto log out [message #176099 is a reply to message #176093] Wed, 23 November 2011 18:53 Go to previous messageGo to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On Wed, 23 Nov 2011 10:55:36 +0100, Erwin Moller wrote:

> On 11/23/2011 3:09 AM, Denis McMahon wrote:
>> On Tue, 22 Nov 2011 16:55:40 +0100, Arno Welzel wrote:
>>
>>>> Because the AJAX call will reset the session timer, so the session
>>>> will never time out.
>>>
>>> And where did i say that the AJAX call should be *before* the session
>>> times out?
>>
>> If the ajax call is made after the session has timed out, then you're
>> back to the previously discussed situation where you get a request
>> without a valid current session ID and do with it as you wish.
>>
>> Any request, whether ajax initiated, a form submission, clicking a
>> link, grabbing an image etc will send the session cookie from the
>> client to the server if a session cookie is defined.

> Are you sure a request for an *image* will modify the Session?
>
> I thought the Session would only be updated if session_start() is used
> (directly or indirectly by activation session.auto_start).

Read what I wrote again:

1) Any request ... will send the session cookie from the client to the
server if a session cookie is defined.

This is something that the client does - if it has valid (non expired)
cookies for the server and makes a request to the server, it sends the
cookies.

So yes, the client browser sends the cookies with every request,
including images etc.

If the request is then served by php (and you can serve any content with
php) _and_ that php invokes the session handler, then the php session
timer is reset in the server, and an updated session cookie will be sent
back to the client browser.

eg if my web page includes <img src="server/getimage.php?imgid=76">

and getimage.php looks something like:

<?php
session_start();
$imageId = 2;
if (isset($_POST['imgid'])) $tmpImgId = intval($_POST['imgid']);
if ($tmpImgId > 1 && $tmpImgId < 1000) $imageId = $tmpImgId;
$imgFile = "/disks/images/webimages/{$imageId}.png"
if (file_exists($imgFile)) {
$size = getimagesize($imgFile);
if $size) {
header('Content-Type: ' . $size['mime'];);
header('Content-Length: ' . filesize($imgFile));
ob_clean();
flush();
readfile($imgFile);
exit;
}
else {
// error - not an identifiable image file
}
}
else {
// error - file doesn't exist
}
?>

(I may not have included all the relevant error handling, validations and
verifications)

Then requesting this image will reset any session expiry timer on the
server.

Rgds

Denis McMahon
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: preg_match() oddities and question
Next Topic: Phone number formatting
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 16:53:24 GMT 2024

Total time taken to generate the page: 0.03895 seconds