我正在使用以下技术...
表单从 login.php
发送到我执行此操作的页面 check.php
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
$result = mysql_query("SELECT * FROM accounts WHERE user_Name='$uzer' AND user_Pass='$pass'");
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
在 loggedin.php
页面上,我做的第一件事是
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) )
{
header("Location:login.php");
}
else
{
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
但是一旦登录,当我直接输入 url localhost\myProject\loggedin.php
时,它会显示页面...这非常有意义,因为 session 已经开始
我要实现的是
- 直接 URL\ session 在 session 终止\过期\超时后工作 10 分钟,然后用户必须重新登录并可能获得相同的 session ID,但 10 分钟后用户将无法浏览同一届 session
我需要做什么或学什么
最佳答案
在 session 中存储时间戳:
<?php
$uzer = $_POST['user_name'];
$pass = $_POST['user_pass'];
require ('DB_connection.php');
// Hey, always escape input if necessary!
$result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($uzer), mysql_real_escape_string($pass));
if( mysql_num_rows( $result ) > 0)
{
$array = mysql_fetch_assoc($result);
session_start();
$_SESSION['user_id'] = $uzer;
$_SESSION['login_time'] = time();
header("Location:loggedin.php");
}
else
{
header("Location:login.php");
}
?>
检查时间戳是否在允许的时间窗口内(600 秒为 10 分钟):
<?php
session_start();
if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 600)
{
header("Location:login.php");
}
else
{
// uncomment the next line to refresh the session, so it will expire after ten minutes of inactivity, and not 10 minutes after login
//$_SESSION['login_time'] = time();
echo ( "this session is ". $_SESSION['user_id'] );
//show rest of the page and all
}
?>
关于PHP-使 session 在 X 分钟后过期,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3770150/