stefangabos / Zebra_Session

A drop-in replacement for PHP's default session handler which stores session data in a MySQL database, providing better performance, better security and protection against session fixation and session hijacking
https://stefangabos.github.io/Zebra_Session/Zebra_Session/Zebra_Session.html

How to show alert when session is expired? #41

Closed sangasangasanga closed 2 years ago

sangasangasanga commented 2 years ago

Hi, I have successfully implemented the Zebra session and it works wonderfully. I would like to add an alert when the session is going to expire or has expired. I analyzed your code and tried to add it to the write() function. That didn't work. Kindly need your assistance on this. Thank you in advance :)

stefangabos commented 2 years ago

I'd do it in the write method by changing

```php
// get the active (not expired) result associated with the session id and hash
$result = $this->query('

    SELECT
        session_data
    FROM
        ' . $this->table_name . '
    WHERE
        session_id = ?
        AND session_expire > ?
        AND hash = ?
    LIMIT
        1

', $session_id, time(), md5($hash));

// if there were no errors and data was found
if ($result !== false && $result['num_rows'] > 0)

    // return session data
    // don't bother with the unserialization - PHP handles this automatically
    return $result['data']['session_data'];
```

to

```php
// get the active (not expired) result associated with the session id and hash
$result = $this->query('

    SELECT
        session_data,
        session_expire
    FROM
        ' . $this->table_name . '
    WHERE
        session_id = ?
        AND session_expire > ?
        AND hash = ?
    LIMIT
        1

', $session_id, time(), md5($hash));

// if there were no errors and data was found
if ($result !== false && $result['num_rows'] > 0) {

    // do it here
    if ($result['data']['session_expire'] - time() < 3600) {
        die('session is about to expire in less than an hour');
    }

    // return session data
    // don't bother with the unserialization - PHP handles this automatically
    return $result['data']['session_data'];

}
```

this is untested code, but you should get the idea

sangasangasanga commented 2 years ago

Hi @stefangabos, thanks for your prompt reply. I get the idea, but the write() function seems to be different from mine.

`/**

stefangabos commented 2 years ago

sorry, i meant the read method

sangasangasanga commented 2 years ago

Hi @stefangabos, thank you, I saw it. I tried changing as per suggestion. No matter what I put inside the if statement, the error persists. Kindly need your help on this.

```
Warning: session_start(): Failed to read session data: user
Fatal error: Uncaught Error: Cannot use object of type mysqli_result as array in ..zebra_session.php:514
```

stefangabos commented 2 years ago

i don't know what those screenshots are from. if that's from the library, that is not the latest version. i just tried the changes i suggested and they seem to work fine

stefangabos commented 2 years ago

yup, you seem to be using a pre-3.0 version. please update to the latest

sangasangasanga commented 2 years ago

Hi @stefangabos, sorry for the late reply. I managed to try with the latest code. I am having 2 issues: 1) session_lifetime worked fine for me before but it is not being set when I change to the latest version

2) I tested the code but i am still getting errors from it

thank you for your kind assistance in advance :)

stefangabos commented 2 years ago

it says that you forgot to add session_expire to the query - see my previous posts

stefangabos commented 2 years ago

as mentioned, you need to change

```sql
SELECT
    session_data
FROM
```

to

```sql
SELECT
    session_data,
    session_expire
FROM
```

sangasangasanga commented 2 years ago

Hi @stefangabos, that solved the 2nd issue. Thanks. However, I am not able to test it as I am not able to set the session_lifetime to something shorter as mentioned in my first issue. Kindly need your help on this. It worked before but not sure why it's not working with the latest version

stefangabos commented 2 years ago

i just realized that this approach is not working. if you are there, then the session lifetime is automatically extended so you would never get to die()

this is how sessions work - as long as you are active, with each touching of the session library, your session is extended with the session lifetime, so it will never expire as long as you are active; and you are reading it only when you are active

sangasangasanga commented 2 years ago

Hi @stefangabos, that's cool. But what if I need it to log the person out if the person is not active for x mins? How does the logic work for this?

stefangabos commented 2 years ago

you don't need to modify the library for that. you need to read about building a login page using sessions in PHP

basically, the very basic gist of it, would be that once the user authenticates you set something like `$_SESSION['id'] = '123'` or something. as long as that `isset($_SESSION['id'])`, the user is logged in. when that variable is not available you need the user to log in again
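
The idle-logout logic discussed in this thread, as an added example that is not part of the original replies or of Zebra_Session: the `id` key is the login flag from the reply above, while `last_seen`, `check_idle()`, `MAX_IDLE` and `WARN_AT` are assumed names. It separates normal page requests, which restart the idle clock, from a background status poll that reports the remaining time without extending it, which is what an expiry alert needs.

```php
<?php
// Added example, not Zebra_Session code. 'id' is the login flag from the reply
// above; 'last_seen', check_idle() and both limits are assumptions.
const MAX_IDLE = 900; // seconds without a page request before logout
const WARN_AT  = 120; // report a warning when this few seconds remain

/**
 * Call after session_start() with $_SESSION. $touch = true for real page
 * requests (restarts the idle clock), false for a background status poll
 * that must not keep the user logged in.
 */
function check_idle(array &$session, int $now, bool $touch): array
{
    if (!isset($session['id'])) {
        return ['state' => 'anonymous', 'remaining' => 0, 'warn' => false];
    }
    // A missing timestamp counts as "idle forever", so the check fails closed.
    $idle = $now - (int) ($session['last_seen'] ?? 0);
    if ($idle >= MAX_IDLE) {
        $session = []; // drop the login flag and all data tied to it
        return ['state' => 'expired', 'remaining' => 0, 'warn' => false];
    }
    if ($touch) {
        $session['last_seen'] = $now;
        $idle = 0;
    }
    $remaining = MAX_IDLE - $idle;
    return ['state' => 'active', 'remaining' => $remaining, 'warn' => $remaining <= WARN_AT];
}

// Constructed timeline; at login the application sets both keys.
$session = ['id' => '123', 'last_seen' => 1000];
$steps = [
    [1600, true],  // page request after 600 s idle
    [2400, false], // status poll 800 s after the last page request
    [2600, true],  // page request 1000 s after the last page request
    [2700, true],  // request after the session was cleared
];
foreach ($steps as [$now, $touch]) {
    echo $now, ' ', json_encode(check_idle($session, $now, $touch)), PHP_EOL;
}
```

The library's `session_lifetime` should be at least `MAX_IDLE`; otherwise the stored session disappears before this check can report the warning state.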

sangasangasanga commented 2 years ago

Hi @stefangabos, thanks for the help. It works now. Thanks!