Detecting elapsed session timeout

oppm · May 7, 2020, 8:10pm

Hi there,

I am aware that there are already a couple of posts regarding PHP session, however I could not find a satisfactory answer.

I have a session variable called “project_id” which I set once the user has opened a project. Now, in my forms I have an SQL WHERE clause in which I am using this variable. E.g. “idProject = [project_id]”. So far, so good, this is working fine. However, when the PHP session elapses, i.e. gets purged by the web server, then, when opening the form, I get an ugly error message telling me that some global variables are not set (“The following global variables are missing: …”). This error message is understandable as the session has elapsed. However, I cannot figure out a way to redirect the user to some login page in this situation or do something else which is nicer for the user. I tried adding some code in the “onApplicationInit” and “onScriptInit” event to detect missing variables, however the error is actually generated before any of the events available are processed.

I know that I could write some javascript which “pings” the server and does a redirect in case the session has elapsed. But I think that it is quite a lot of effort for such a common problem. I also read that one could write its own javascript based session timeout management, but I don’t think it is working in my case as the underlying SQL statement already fails, so I don’t get to the onApplicationInit events at all. One hack I could think of is to dramatically increase the PHP session timeout, say one full day, to basically disable the purging mechanism and then to implement the session timeout with javascript. However, I don’t want to do that as this is not the only application on this web server.

Is there a clean solution to overcome by problem ?

Thanks
Marcel

aducom · May 7, 2020, 9:04pm

the only semi optimal solution i created was to maintain a timer in the menu that when an item clicked would jump to the logon page. I also work a lot with panels that refresh automatically and that means that you have an automated ping that can jump to the login page when nothing else has happend in that time. I call it semi optimal because it is not fully full proof and requires a lot of fiddling. There is no neat solution out-of-the-box of scriptcase afaik.

maximnl · May 7, 2020, 9:04pm

Always enclose ‘[globvar]’. At least you avoid sql errors if var is not set.
Sc redirection for not loggged users is not working for me too.
I changed php hosting session from 1440 (about 20 min) default to much higher. At least logging out does not happen

bgilmore · May 7, 2020, 9:08pm

You might try adding this to the main menu onApplicationInit:
I’d be interested if it works for you and/or if any modifications were necessary.

// THIS SETS THE TIMEOUT TO WHICH SHOULD MATCH GC_MAXLIFETIME IN PHP.INI FILE WHEN AN IFRAME IS RELOADED
// LINE BELOW MUST BE /scriptcase/prod/third/jquery/js/jquery.js for DEVELOPMENT ENVIRONMENT
// PROD <script type=“text/javascript” src="…/_lib/prod/third/jquery/js/jquery.js"></script>
// DEV <script type=“text/javascript” src="/scriptcase/prod/third/jquery/js/jquery.js"></script>
?>
// PROD
// <script type=“text/javascript” src="…/_lib/prod/third/jquery/js/jquery.js"></script>
//DEV
<script type=“text/javascript” src="/scriptcase/prod/third/jquery/js/jquery.js"></script>
<script>
function idleTimer() {
var t;
var s;
$(document).ready(function () {
$("#iframe_menu").on(“load”, resetTimer) ;
});

function logout() {
window.location.href = ‘…/app_Login/app_Login.php’; //Adapt to actual logout script
console.log(“AUTO LOGOUT”); // COMMENT THIS LINE BEFORE DEPLOYING
}

function idle_warning() {
Swal.fire(“Idle time-limit exceeded”, “Click OK to continue session”, “warning”)
.then((result) => { if ( result.value ) { resetTimer() } });
}

function resetTimer() {
clearTimeout(t);
clearTimeout(s);
//PROD
//t = setTimeout(logout, 3600000); // time is in milliseconds (1000 is 1 second) 1 hour
//s= setTimeout(idle_warning, 3000000); // time is in milliseconds (1000 is 1 second) 50 minutes
//DEV
t = setTimeout(logout, 60000); // time is in milliseconds (1000 is 1 second) 1 minute
s = setTimeout(idle_warning, 30000); // time is in milliseconds (1000 is 1 second) 30 seconds
console.log(“TIMER RESET”); // COMMENT THIS LINE BEFORE DEPLOYING
}
}
idleTimer();
</script>
<?php

Joe · May 7, 2020, 9:08pm

Hi bgilmore,

I just found your post - very nice. You ask for suggestions of modifications.
I’d like to have a timer in the header of the page that resets when the user is active with a click on the page (not only when clicking a link). When timer reaches 0 then the popup alarm should appear.
Further it would be helpful for the user to have another timer in the popup to notify when the session ends with logout.

Joe