#62: Session Timeouts

Users should not stay logged in to high-security sites for prolonged periods of time. If someone walks away from a session on a site such as PayPal, someone else could walk up to the computer and move around some cash. Therefore, such sites use session timeouts to automatically log out users who haven't done anything for a short period of time (such as 10 minutes). It's important to note that you shouldn't do this if the site does not require such high security, because it is annoying to users.

Here are two functions that implement session timeouts. Notice that the timeout variables are in session variables—you can't trust this information to a browser, so you must keep it on your own server. The first function validates ...
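One way to implement the idle timeout described above, as an added example rather than the book's own functions, which the excerpt does not include. The function names, the `user_id` and `last_activity` session keys and the `/login.php` path are assumptions; the 600-second limit follows the 10-minute figure in the text.

```php
<?php
// Added example: every name below is an assumption, not the book's code.
const IDLE_LIMIT_SECONDS = 600; // 10 minutes, as in the text

// Call after session_start() and a successful login.
function mark_logged_in(string $userId): void
{
    session_regenerate_id(true);          // new ID so a pre-login ID is useless
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_activity'] = time();  // kept server-side, never in a cookie
}

// True if the user was active within the limit (and refreshes the timestamp).
function session_is_fresh(?int $now = null): bool
{
    $now = $now ?? time();
    $last = $_SESSION['last_activity'] ?? null;
    // A missing or non-integer timestamp counts as expired.
    if (!is_int($last) || $now - $last > IDLE_LIMIT_SECONDS) {
        end_session();
        return false;
    }
    $_SESSION['last_activity'] = $now;
    return true;
}

// Clears server-side data and expires the browser's session cookie.
function end_session(): void
{
    $_SESSION = [];
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Put at the top of every protected page, before any output is sent.
function require_fresh_session(): void
{
    session_start();
    if (!session_is_fresh()) {
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
}
```

The timestamp is compared and refreshed only on the server, so a client cannot extend its own session by editing a cookie or form field.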
