I'm trying to set up a timeout test on a selection of files. The files run the test via an include, which contains the following:

$inactive = 20;
/* check to see if $_SESSION['timeout'] is set */
if(isset($_SESSION['timeout']) ) 
	{
	$session_life = time() - $_SESSION['timeout'];
	if($session_life > $inactive)
                {
		session_destroy();
		header('Location: logout.html');
		}
	}
$_SESSION['timeout'] = time();

Each of the pages using it begin as follows:

session_start();
include ("data_fr443zzw/timeout.dat.php"); /* Timout test */

6 of the pages work as I'd expect, redirecting on timeout, but one does not. The only difference I can see is that the 6 pages are presentational and have HTML and forms as well as PHP in them. The failing page is pure PHP, dealing with POST and SESSION variables to redirect the browser to the appropriate page.

The failing page effectively continues past the included code and executes that, redirecting based on POST variables, rather than the timeout SESSION variable it encounters first. If I add "die()" after the include on this page, for example, the timeout works, redirecting before executing the die().

So I'm baffled. Any ideas?

A header redirect has to be before any output. So once something is printed to the screen or HTML is shown, then the redirect will not work.

A header redirect has to be before any output. So once something is printed to the screen or HTML is shown, then the redirect will not work.

Mikulucky, thanks, I know: the six pages that work are the only ones that send anything to screen - the header works fine in them as it is correctly placed.

The one that doesn't is pure PHP, no html (and all pages begin identically anyway, that being the problem).

Mikulucky, thanks, I know: the six pages that work are the only ones that send anything to screen - the header works fine in them as it is correctly placed.

The one that doesn't is pure PHP, no html (and all pages begin identically anyway, that being the problem).

Have you tired, putting an exit(); after the redirect. This is because sometimes I have noticed that the header is sometimes ignored, unless the presence of and exit(); .

So;

$inactive = 20;
/* check to see if $_SESSION['timeout'] is set */
if(isset($_SESSION['timeout']) ) 
	{
	$session_life = time() - $_SESSION['timeout'];
	if($session_life > $inactive)
                {
		session_destroy();
		header('Location: logout.html');
                exit();
		}
	}
$_SESSION['timeout'] = time();

Have you tired, putting an exit(); after the redirect. This is because sometimes I have noticed that the header is sometimes ignored, unless the presence of and exit(); .

So;

$inactive = 20;
/* check to see if $_SESSION['timeout'] is set */
if(isset($_SESSION['timeout']) ) 
	{
	$session_life = time() - $_SESSION['timeout'];
	if($session_life > $inactive)
                {
		session_destroy();
		header('Location: logout.html');
                exit();
		}
	}
$_SESSION['timeout'] = time();

Ah, thanks. No idea why this should be needed but it does seem to create the required functionality across the board. Shall go beta test properly..

Thanks again!

No problem, once done, could you mark as solved and give rep as you feel appropriate?

Thanks

No problem, once done, could you mark as solved and give rep as you feel appropriate?

Thanks

Once I feel it's solved, of course. I'm not happy that it's contrary to programming logic, and therefore suggests issue with PHP, but I'll test it out properly and keep thinking where I may have misunderstood something.

If tests pan out, happy to close and give credit.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.