一段时间后，会取消设置 [英] Unset session after some time

问题描述

我建立一个在线机票预订网站。在此我做下面的事情：用户搜索总线与他们的座位号。该数据库更新与座位号与 temp_seat_book ='Y'。如果他的书票付钱他的状态将被更新为 final_t​​icket_book ='Y'。现在我想删除其字段 temp_seat_book ='Y'，但
final_t​​icket_book ='N'。为此，我需要删除这是session_ids超过10分钟老 final_t​​icket_book ='N'。因此，如何我可以实现后台作业？

解决方案

而不是做对文件的搜索（涉及更多的I / O）等

什么是会话cookie：会话Cookie

更好的方法是存储在$ _SESSION变量的最新活动的时间戳。

并更新在每次请求的会话数据（如果有的话，包括自动定期AJAX调用）。

比方说，你想10分钟后取消设置会话，

 如果（使用isset（$ _ SESSION ['most_recent_activity']）及和放大器;
    （时间（） -  $ _SESSION ['most_recent_activity']＆GT; 600））{ //600秒= 10分钟
 session_destroy（）;
 session_unset（）; }
 $ _SESSION ['most_recent_activity'] =时间（）; //会话的开始。
 

  

要避免像会话固定攻击（会话固定是一种攻击，允许攻击者劫持有效用户会话）保持再生会话ID周期性说5分钟（我建议保持再生时间以及会话过期时间多一点）。攻击的一个更详尽的列表：攻击列表

 如果（！使用isset（$ _ SESSION [创造]））{
    $ _SESSION [创造] =时间（）;
    }
否则，如果（时间（） -  $ _SESSION [创造＆GT; 600）{
    session_regenerate_id（真）;
    $ _SESSION [创造] =时间（）;
    }
 

此外，确保 session.gc-maxlifetime 设置为最大到期要使用时间。
你可以做到这一点。

 的ini_set（'session.gc-maxlifetime'，600）
 

或者
直接在你的php.ini设置。

和也

<一个href=\"http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime\">session.cookie_lifetime ：

  

session.cookie_lifetime指定cookie的寿命，其中被发送到浏览器秒点。


  但是，破坏会话必须在服务器端被照顾，而不是在客户端。
  设置session.cookie_lifetime设置为0会使会话cookie的行为方式的会话cookie应即直到关闭浏览器会话cookie才有效。

这种方法虽然有些乏味，它更优雅。

嗯，发现了我以前看了很久的链接！ ：我怎样在30分钟后过期一个PHP会话？

I am building a online ticket booking site . In this I am doing the following things : The user searches the bus with their seat numbers . The database is updated with the seat numbers with temp_seat_book = 'Y' . If he books the ticket paying money his status will be updated to final_ticket_book = 'Y' . Now I want to delete the field whose temp_seat_book = 'Y' but final_ticket_book = 'N' . For this I need to delete the session_ids which is more than 10minutes old and final_ticket_book = 'N'. So how I can implement the background job?

解决方案

Instead of doing a search for files (which involves more i/o ) etc, What is a session cookie: Session Cookie
A better way is to store a time stamp of the 'most recent activity' in the $_SESSION variable.
And updating the session data on every request (including the automated periodic ajax calls if any).

Lets say you want to unset the session after 10 minutes,

if (isset($_SESSION['most_recent_activity']) && 
    (time() -   $_SESSION['most_recent_activity'] > 600)) {

 //600 seconds = 10 minutes
 session_destroy();   
 session_unset();  

 }
 $_SESSION['most_recent_activity'] = time(); // the start of the session.

To avoid attacks like Session fixation: (Session Fixation is an attack that permits an attacker to hijack a valid user session) keep regenerating the session id periodically say for 5 mins (I would suggest to keep the regeneration time as well as session expire time a bit more). A more elaborate list of attacks: attack list.

if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
    } 
else if (time() - $_SESSION['CREATED'] > 600) {
    session_regenerate_id(true);    
    $_SESSION['CREATED'] = time();  
    }

Also, make sure session.gc-maxlifetime is set to the maximum expire time you want to use. You can do this

ini_set('session.gc-maxlifetime', 600)

Or Set it directly in your php.ini.

and also

session.cookie_lifetime :

session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

But, destroying the session must be taken care at the server-side and not the client-side. Setting the session.cookie_lifetime set to 0 would make the session’s cookie behave the way a session cookie should i.e. that a session cookie is only valid until the browser is closed.

Although this method is a tad tedious, Its more elegant.

Ah, found the link which I had read a long time ago! : How do I expire a PHP session after 30 minutes?

这篇关于一段时间后，会取消设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！