一段时间后,会取消设置 [英] Unset session after some time
问题描述
我建立一个在线机票预订网站。在此我做下面的事情:用户搜索总线与他们的座位号。该数据库更新与座位号与 temp_seat_book ='Y'
。如果他的书票付钱他的状态将被更新为 final_ticket_book ='Y'
。现在我想删除其字段 temp_seat_book ='Y'
,但 final_ticket_book ='N'
。为此,我需要删除这是session_ids超过10分钟老 final_ticket_book ='N'
。因此,如何我可以实现后台作业?
什么是会话cookie:会话Cookie
更好的方法是存储在$ _SESSION变量的最新活动的时间戳。
并更新在每次请求的会话数据(如果有的话,包括自动定期AJAX调用)。
比方说,你想10分钟后取消设置会话,
如果(使用isset($ _ SESSION ['most_recent_activity'])及和放大器;
(时间() - $ _SESSION ['most_recent_activity']> 600)){ //600秒= 10分钟
session_destroy();
session_unset(); }
$ _SESSION ['most_recent_activity'] =时间(); //会话的开始。
要避免像会话固定攻击(会话固定是一种攻击,允许攻击者劫持有效用户会话)保持再生会话ID周期性说5分钟(我建议保持再生时间以及会话过期时间多一点)。攻击的一个更详尽的列表:攻击列表
块引用>如果(!使用isset($ _ SESSION [创造])){
$ _SESSION [创造] =时间();
}
否则,如果(时间() - $ _SESSION [创造> 600){
session_regenerate_id(真);
$ _SESSION [创造] =时间();
}此外,确保
session.gc-maxlifetime
设置为最大到期要使用时间。
你可以做到这一点。的ini_set('session.gc-maxlifetime',600)
或者
直接在你的php.ini设置。和也
<一个href=\"http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime\">session.cookie_lifetime :
session.cookie_lifetime指定cookie的寿命,其中被发送到浏览器秒点。
但是,破坏会话必须在服务器端被照顾,而不是在客户端。
设置session.cookie_lifetime设置为0会使会话cookie的行为方式的会话cookie应即直到关闭浏览器会话cookie才有效。
块引用>这种方法虽然有些乏味,它更优雅。
嗯,发现了我以前看了很久的链接! :我怎样在30分钟后过期一个PHP会话?
I am building a online ticket booking site . In this I am doing the following things : The user searches the bus with their seat numbers . The database is updated with the seat numbers with
temp_seat_book = 'Y'
. If he books the ticket paying money his status will be updated tofinal_ticket_book = 'Y'
. Now I want to delete the field whosetemp_seat_book = 'Y'
butfinal_ticket_book = 'N'
. For this I need to delete the session_ids which is more than 10minutes old andfinal_ticket_book = 'N'
. So how I can implement the background job?解决方案Instead of doing a search for files (which involves more i/o ) etc, What is a session cookie: Session Cookie
A better way is to store a time stamp of the 'most recent activity' in the $_SESSION variable.
And updating the session data on every request (including the automated periodic ajax calls if any).Lets say you want to unset the session after 10 minutes,
if (isset($_SESSION['most_recent_activity']) && (time() - $_SESSION['most_recent_activity'] > 600)) { //600 seconds = 10 minutes session_destroy(); session_unset(); } $_SESSION['most_recent_activity'] = time(); // the start of the session.
To avoid attacks like Session fixation: (Session Fixation is an attack that permits an attacker to hijack a valid user session) keep regenerating the session id periodically say for 5 mins (I would suggest to keep the regeneration time as well as session expire time a bit more). A more elaborate list of attacks: attack list.
if (!isset($_SESSION['CREATED'])) { $_SESSION['CREATED'] = time(); } else if (time() - $_SESSION['CREATED'] > 600) { session_regenerate_id(true); $_SESSION['CREATED'] = time(); }
Also, make sure
session.gc-maxlifetime
is set to the maximum expire time you want to use. You can do thisini_set('session.gc-maxlifetime', 600)
Or Set it directly in your php.ini.and also
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.
But, destroying the session must be taken care at the server-side and not the client-side. Setting the session.cookie_lifetime set to 0 would make the session’s cookie behave the way a session cookie should i.e. that a session cookie is only valid until the browser is closed.Although this method is a tad tedious, Its more elegant.
Ah, found the link which I had read a long time ago! : How do I expire a PHP session after 30 minutes?
这篇关于一段时间后,会取消设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!