supersonic has asked for the wisdom of the Perl Monks concerning the following question:

Hi.

Is there a way that I can make a 'session' time out after x amount of inactivity? E.g. if you log in to a webpage and you did some administration on a database, you get up and leave without logging out.

Can I make the script/html page time out and go back to the log on page? I tried the whole meta tag thing and it times out, but once I start navigating it won't time out and redirect.

I need help please

Edit by tye

Re: timeout
by Anonymous Monk on Aug 28, 2001 at 21:33 UTC
    Keep track of the session on the server. When someone requests a page and their session has timed out, print out the login page along with a message letting them know their session has timed out.
      Hope this isn't a duplication of effort, but I'm learning this myself and it's a good exercise for me to work it out (plus it's a slow day at work).

      Here's how I would do it (untested). Constructive crits of my implementation welcome.

          #! /Perl
          use strict;
          use warnings;
          use lib '.';    # perhaps needed if using IIS on NT/Win2K
          use CGI qw(:standard remote_addr);
          use session_track;    # the tie class defined in session_track.pm

          my $unique = $ENV{'REMOTE_ADDR'};    # caution: forgeable
          $unique =~ s/\./_/g;
          my ($expired) = 0;
          my $login = param('login');    # assuming $login is passed as a param

          tie my $session, "session_track", "C:/TEMP/$unique.txt";

          &login if (defined($login));
          &check_timeout;    # call this in all programs you wish to do session tracking on

          sub login { $session = time; }

          sub check_timeout {
              my $now = time;
              # FETCH returns nothing for a new file; treat that as "never logged in"
              $expired = 1 if (($now - ($session || 0)) > 600);    # 10 minute timeout
          }

          if ($expired) {
              print header();
              print h3('Session timeout. No soup for you');
          }
          else {
              # serve the soup ... your code here and then finish it with:
              $session = time;    # that is, reset the timeout with each new activity
          }
      Now in session_track.pm (This code was ripped directly from the Camel Book.)
          package session_track;
          use Carp;
          use strict;
          use warnings;
          use warnings::register;
          my $count = 0;

          sub TIESCALAR {
              my $class    = shift;
              my $filename = shift;
              my $fh;
              # "or", not "||": "||" binds tighter than the comma and would
              # swallow the second open, so a new file could never be created
              if (open $fh, "<", $filename or open $fh, ">", $filename) {
                  close $fh;
                  $count++;
                  return bless \$filename, $class;
              }
              carp "Can't tie $filename: $!" if warnings::enabled();
              return;
          }

          sub FETCH {
              my $self = shift;
              confess "I am not a class method" unless ref $self;
              return unless open(my $fh, "<", $$self);
              read($fh, my $value, -s $fh);    # length to read is the file size
              return $value;
          }

          sub STORE {
              my ($self, $value) = @_;
              confess "I am not a class method" unless ref $self;
              open my $fh, ">", $$self or croak "can't clobber $$self: $!";
              syswrite($fh, $value) == length $value
                  or croak "can't write to $$self: $!";
              close $fh or croak "can't close $$self: $!";
          }

          return "true";
      Update: perrin's point is well taken. unique session id has some good info on the topic.
        It's dangerous to use IP as an identifier. You'll run into problems with proxies and such. Better to generate a true unique ID and maintain it with cookies or URL munging.
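
The approach suggested in the replies above (a random session ID instead of the client IP, with the idle check done on the server) could look like this. This is an added example, not code from any poster in the thread; it assumes a Unix-like host with /dev/urandom, uses a temporary directory as the session store, and the sub names are hypothetical.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

my $IDLE_LIMIT = 600;                    # 10-minute idle timeout, as in the thread
my $STORE      = tempdir(CLEANUP => 1);  # assumption: demo store only

# 128 random bits from the kernel CSPRNG, hex-encoded.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Accept only IDs in the exact format we issue, so a client-supplied
# value can never name a file outside the store directory.
sub session_file {
    my ($id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;
    return "$STORE/$id";
}

sub touch_session {
    my ($id, $now) = @_;
    my $file = session_file($id) or die "bad session id";
    open my $fh, '>', $file or die "write $file: $!";
    print {$fh} $now;
    close $fh or die "close $file: $!";
}

# Called only after the password check has succeeded.
sub login { my $id = new_session_id(); touch_session($id, $_[0]); return $id }

# Returns 1 and resets the idle clock for a live session; otherwise
# destroys the session and returns 0 so the caller shows the login page.
sub check_session {
    my ($id, $now) = @_;
    my $file = session_file($id) or return 0;
    open my $fh, '<', $file or return 0;     # unknown or already expired ID
    my $last = <$fh>;
    close $fh;
    my $live = defined $last && $last =~ /\A\d+\z/ && $now - $last <= $IDLE_LIMIT;
    $live ? touch_session($id, $now) : unlink($file);
    return $live ? 1 : 0;
}

# Constructed request sequence; timestamps are plain seconds, not clock time.
my $sid = login(1_000);
for my $req ([$sid, 1_500], [$sid, 2_200], [$sid, 2_300], ['../../etc/passwd', 2_300]) {
    printf "%-16.16s t=%d -> %s\n", @$req, check_session(@$req) ? 'ok' : 'login page';
}
```

In a CGI script the ID would travel in a cookie (CGI.pm's cookie() accepts -httponly and -secure), and check_session would run at the top of every protected page, which is why the timeout keeps working while the user navigates.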