session-timeout

What is the actual difference between session.gc_maxlifetime and session_cache_expire() ? Suppose I want the users session to be invalid after 15 minutes of non-activity (and not 15 after it was first opened). Which one of these will help me there? I also know I can do session_set_cookie_params() which can set the user's cookie to expire in some amount of time. However, the cookie expiring and the actual session expiring on the server side are not the same; does this also delete the session when the cookie has expired? Another solution I have though of is simple $_SESSION['last_time'] = time()

There are various ways to handle session timeouts, like "meta refreshes" javascript on load functions etc. I would like something neat like: 5 minutes before timeout, warn the user... I am also contemplating keeping the session open for as long as the browser is open(still need to figure out how to do it though... probably some iframe with refreshing). How do you handle session timeouts, and what direction do you think i should go in? The best approach to handle sessions timeouts. I say that there is 2 basic cases. One is when the users enter little or no data, and just read reports, or do

I'm looking for a tutorial, blog entry, or some help on the technique behind websites that automatically push users (ie without a postback) when the session expires. Any help is appreciated Usually, you set the session timeout, and you can additionally add a page header to automatically redirect the current page to a page where you clear the session right before the session timeout. From http://aspalliance.com/1621_Implementing_a_Session_Timeout_Page_in_ASPNET.2 namespace SessionExpirePage { public partial class Secure : System.Web.UI.MasterPage { public int SessionLengthMinutes { get { return

I'm using spring/spring-security 3.1 and want to take some action whenever the user logs out (or if the session is timed out). I managed to get the action done for logout but for session timeout, I can't get it working. In web.xml I only have the ContextLoaderListener specified ( can this be the issue? ) and of course the DelegatingFilterProxy. I use the auto config like this. <security:http auto-config="false" use-expressions="false"> <security:intercept-url pattern="/dialog/*" access="ROLE_USERS" /> <security:intercept-url pattern="/boa/*" access="ROLE-USERS" /> <security:intercept-url