NYCPHP Meetup

[mikesz at qualityadvantages.com]

Hello and greetings,

I have an application I am working on and I have a question about 
session timeout and its relationship to the cookie that is set when the 
member logs into their account. The time out code drops the session and 
logs a timestamp in the database to indicate when the user was last 
logged in. That's all fine. The expectation is that if the member comes 
back after the time out, then they would be required to login again but 
the login code does a check for an active cookie and not a session and 
allows the user to access the site apparently creating a new session.

I hope this explanation is clear enough for someone to give me some 
ideas about how to go about solving this. As far as I can see, the 
session timeout code is only looking at a time stamp in the database to 
drop the session. How do I get it to reset the cookie at the same time. 
I was thinking that add a conditional to test for an active cookie on 
the login but that doesn't cover all the bases like if the member just 
went to their CP or some other feature directly. Most of the pages only 
require an active cookie for authorization.

Any Ideas greatly appreciated.

thanks, mikesz