Re: Batch php to loggoff web site

From: David Mackenzie (me_at_privacy.net)
Date: 11/04/03 

Date: Tue, 04 Nov 2003 15:31:41 +0000

On 4 Nov 2003 06:41:46 -0800, gfraley5@earthlink.net (gf) wrote:

>Martin Lucas-Smith <mvl22@cam.ac.uk> wrote in message news:<Pine.SOL.4.44.0311041140220.2071-100000@red.csi.cam.ac.uk>...

>I know I can alter the cookie expire time and that is an option.
>However, I don't want it expiring while they are in the middle of
>something, so I avoid that. What I want is a way to automatically
>schedule an offline job that will expire the cookie, log off the
>browser, do whatever is necessary so that at 21:00 hours, as an
>example, ALL sessions are timed out.

In your scripts, check if the time is between, say 08:00 and 21:00. If
so, allow the script to continue as normal, otherwise display an
appropriate message and run your logoff function.

If the user has closed their browser or does not refresh the page, you
can't remove the cookie.

Controlling users' login status will be flimsy at best as they're not
actually logged into anything. You only know if the user is "still
there" when they request a new page from the server. They could have
closed their browser, switched off their machine and gone home for the
night and you'll never know about it.

I think the best you can do is the time check above, and setting the
cookie to expire ten minutes ahead. As long as the user is active, the
cookie will keep getting reset. After ten minutes of inactivity the
user will need to log in again. Many sites work like this. And after
9pm the system can't be used anyway. 

-- 
David ( @priz.co.uk )
The Internet Prisoner Database: http://www.priz.co.uk/ipdb/
The Tarbrax Chronicle: http://www.tarbraxchronicle.com/

Relevant Pages

  • Re: Question about cookies.
    ... Hey Roland, Have a look at this article, ... destroyed when the user closes his/her browser. ... destroy the cookie. ... > Sessions do not expire when the client closes the browser. ...
    (microsoft.public.scripting.vbscript)
  • Re: Attempt to de-mystify AJAX
    ... "Hyperlinks" always open a new browser window. ... key (cookie) is still there and still contains the original value. ... You can get the cookies from the HTTP_COOKIE CGI environment variable. ...
    (comp.databases.pick)
  • (auto) session expire
    ... minutes of inactivity. ... When user is inactive for 10 minutes the session will expire. ... The browser will delete the cookie because it was told by the server. ...
    (php.general)
  • Re: deleting cookies and local browser time versus server time
    ... based on what *it* thinks the time is, not what the server thinks the ... looks to be 3 or 4 hours in the past to my browser. ... give a cookie to expire at 4PM today, which is the time in Seattle, ...
    (comp.lang.php)
  • Re: NSA Used Cookies to Track Visitors Web Activities?
    ... Could unwittingly installing a compromised browser open the doors wide to cookie-based intrusions? ... A cookie itself is unlikely to be a virus, but if the browser code is written in C, it is very likely to have arrays that are susceptible to "buffer overrun" Sometimes a clever enough person can use such a bug to cause executable code stored in an allegedly non-executable file to replace code in your browser or operating system. ... an external intruder coming in over an Internet connection, presumably that intruder would have access to the cookies on one's machine. ...
    (comp.sys.mac.system)