Batch php to loggoff web site
This is a discussion on Batch php to loggoff web site within the PHP Language forums, part of the PHP Programming Forums category; Sounds to me like you need two things: One is to make sure all your server-side validation expires after ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-04-2003
|
|||
|
|||
Re: Batch php to loggoff web site
Sounds to me like you need two things:
One is to make sure all your server-side validation expires after 21:00. So wherever your reads the cookie and validates the user, you could add a line checking whether the time is > 21:00, and if it is issue a rejection message. To be even more clever, you could use the following Javascript function: http://www.mcfedries.com/JavaScript/timer.asp to additionally close the browser at 21:00. Cheers, Eric "gf" <gfraley5@earthlink.net> wrote in message news:2ecb8cd6.0311040641.7e5e3ae3@posting.google.c om... > Martin Lucas-Smith <mvl22@cam.ac.uk> wrote in message news:<Pine.SOL.4.44.0311041140220.2071-100000@red.csi.cam.ac.uk>... > > > What you want to do isn't really possible. As I understand it you don't > > > want admins walking away from their pcs leaving an admin webpage up for > > > other people to mess about with. In reality there's nothing you can do > > > about the workstation/web browser, the server has no control over that > > > end. What you will have to do is implement some form of timeout at the > > > server end to re-request the admin password before performing any > > > action. > > > > > > If you use sessions or cookies to identify logged in users then you > > > should be able to do this by manipulating the expiry times. I use > > > cookies to identify users. Ordinary users get a fresh 30 day cookie with > > > every page. The administrator logon only gets a 10 minute one. > > > > Enable session management for a short period of time, e.g. 10 minutes, and > > insert into the <head> section of your HTML an HTTP-equiv refresh: > > > > <meta http-equiv="REFRESH" content="605; URL=/" /> > > > > i.e. the page will refresh itself 10 minutes plus 5 seconds after first > > loading. Given that the session will have expired 5 seconds beforehand, it > > will therefore log you out. > > > > Thanks Martin (and others). This will work in the event they leave > the browser open. However, I never stated that. My issue is that the > cookie is left on their machine and regardless of whether they leave > their browser open or closed the cookie allows them to stay logged in. > I know I can alter the cookie expire time and that is an option. > However, I don't want it expiring while they are in the middle of > something, so I avoid that. What I want is a way to automatically > schedule an offline job that will expire the cookie, log off the > browser, do whatever is necessary so that at 21:00 hours, as an > example, ALL sessions are timed out. 
|
Linear Mode
