Submitted by Guest (not verified) on Wed, 07/16/2008 - 11:37.
You might have to save the session in the database, along with the time, and it its greater than 60 min when it checks the db, log them out.
not the best solution but personally i am not in the habit of trusting anything in the session file or cookies anyways so i store basically everything in the DB and verify against it, such as IP address, for example if the first 2 octets of the request IP dont match the original, it assumes theyre trying to hijack the session and kicks them out, etc.
You might have to save the
You might have to save the session in the database, along with the time, and it its greater than 60 min when it checks the db, log them out.
not the best solution but personally i am not in the habit of trusting anything in the session file or cookies anyways so i store basically everything in the DB and verify against it, such as IP address, for example if the first 2 octets of the request IP dont match the original, it assumes theyre trying to hijack the session and kicks them out, etc.