php - TP3.2 user login timeliness issue
Using tp3.2 for background management, I encountered a problem when doing user login.
1. After the background user logs in, it has always been valid. After leaving it for a whole afternoon, I closed the browser, and the user login status still exists. The user's expiration can only be realized when clicking logout.
The default session validity period that is not PHP is 1440 seconds (24 minutes). If the client does not refresh for more than 24 minutes, the current session will be recycled and invalid. Why is it always valid? Got it?
2. How to use tp to realize the timeliness issue of user login: when the user does not operate, it will automatically expire after a fixed period of time. How to achieve it.
My login part code:
if(IS_POST){
$uname=I('post.uname');
$password=md5(I('post.password'));
$res=M('manager')->where("uname='{$uname}'")->find();
if(is_null($res)) {
$this->error("用户名不存在");
return false;
}
if($res['uname']==$uname&&$res['password']==$password){
$_SESSION['uname']=$res['uname'];
$_SESSION['expire']=time()+600;
$this->success('登录成功',U('Rbac/Index/index'));
exit();
}
$this->error("登录失败");
}The idea I looked at on Baidu is to use $_Session['expire'] to achieve it, but I don’t know where to put this code. Is it inappropriate to put it during login check? Where should I put it?
// 设置用户登录session登录限制时间
if(isset($_SESSION['expire'])){
if($_SESSION['expire']<time()){
unset($_SESSION['expire']);
$this->error('登录过期,请重新登录','Rbac/Login/login');
}else{
// 刷新时间戳
$_SESSION['expire']=time()+600;
}
}
