There have been a couple of questions like this on Stack Overflow, but none answered very eloquently :)
I want to be able to display a login prompt when a user leaves their computer for 20 minutes and allows the session to timeout.
- A simple "wait for 20 minutes and then show the prompt" won't work as the user may have been active on the site in another tab.
- A standard ajax request to the server to check if the session is still active will essentially keep the user logged in, so that won't do either.
Is there a way to make an ajax request to the server that doesn't inherit the current session identity? (to avoid point 2 happening)
Thanks
Why not run the ajax call only when the user initiates an action on the site that they don't have permission to perform? This way, when the user first comes to the webpage, you can set a session variable with PHP, for example:
$_SESSION['active'] = true;
When the original session expires the variable will not be available anymore. Then when you need to check if session is expired or not depending on user's actions you can send a request to server and validate current state of session depending on whether the session variable is set or not.
> A standard ajax request to the server to check if session still active will essentially keep the user logged in, so that won't do either.
If the session expires after 20 minutes, do the check after 21 minutes :)
> Is there a way to make an ajax request to the server that doesn't inherit the current session identity? (to avoid point 2 happening)
Assuming that you use cookies, there is no way to send a request to the server without cookies. You can however configure your webserver or framework to not take the cookie session into account for a specific request / path, and then check session validity without refreshing it.
Interesting problem. I believe the solution would lie in the way session activity is handled on the server side.
If you provide an activity monitoring mechanism for your session, say a "$last_active" variable that records when the last request was made, update it whenever a request is made to the server, and conversely kill the session if a certain time has elapsed, this will help with the keep-alive stuff, regardless of the automatic features offered by PHP/Apache.
Then you can use a conditional, say if you include "?querylogin=1" in your URL. You can have your server-side script check for the existence of that GET variable, and then give a response to the AJAX request without updating the "$last_active" variable. I guess that should do it.
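The idea from the last two answers, a validity check that reads the session without refreshing it, written out as an added example that is not part of the original posts. `IDLE_LIMIT` and `session_is_live()` are hypothetical names, and the login code (not shown) is assumed to set `$_SESSION['active']` and `$_SESSION['last_active']`.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT and session_is_live()
// are hypothetical names; login code (not shown) is assumed to set
// $_SESSION['active'] = true and $_SESSION['last_active'] = time().
declare(strict_types=1);

const IDLE_LIMIT = 20 * 60; // seconds of inactivity allowed

// True only for a logged-in session whose last real request is recent enough.
function session_is_live(array $session, int $now): bool
{
    return !empty($session['active'])
        && isset($session['last_active'])
        && ($now - (int) $session['last_active']) < IDLE_LIMIT;
}

if (isset($_GET['querylogin'])) {
    // Status probe: report validity, never extend it.
    header('Content-Type: application/json');
    header('Cache-Control: no-store');
    $live = false;
    // Without a session cookie there is nothing to check, and calling
    // session_start() would only create a fresh empty session.
    if (isset($_COOKIE[session_name()])) {
        // read_and_close loads the data and closes the session without
        // writing it back, so last_active stays untouched.
        session_start(['read_and_close' => true]);
        $live = session_is_live($_SESSION, time());
    }
    echo json_encode(['active' => $live]);
    exit;
}

// Any other request counts as user activity.
session_start();
if (!session_is_live($_SESSION, time())) {
    // Expired or never logged in: drop the data so a later probe says false.
    $_SESSION = [];
    session_destroy();
    http_response_code(401);
    exit;
}
$_SESSION['last_active'] = time();
// ... continue handling the authenticated request ...
```

Because every non-probe request updates `last_active`, activity in another tab is reflected in the probe's answer, and the page can show the login prompt as soon as the probe returns `"active": false`.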