Improve Security (1) - Session Control for AppGini

sathukorala
AppGini Super Hero
Posts: 121
Joined: 2020-02-16 16:29

Post by sathukorala » 2020-05-10 08:36

In this post, I will show you how to implement user session control for AppGini, which will give you added security for your apps.


Follow the steps below:

1. Create a file called session_keep.php in the main folder with the following code (you can create a file with any name)

<?php
// Name of the script handling the current request, e.g. index.php
$script_name = basename($_SERVER['PHP_SELF']);
$user = getLoggedMemberID();

// this prevents session out in login page and guest access pages
if (($script_name == 'index.php' && (isset($_GET['signIn']) || isset($_GET['loginFailed']))) || $user == "guest") {
	// Only tear down a session that is actually active, to avoid PHP warnings
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_unset();
		session_destroy();
	}
}
else {
	// Start a session only if the application has not already started one
	if (session_status() === PHP_SESSION_NONE) {
		session_start();
	}

	// First tracked request: initialise the counter and the activity timestamp
	if (empty($_SESSION['session_count'])) {
		$_SESSION['session_count'] = 1;
		$_SESSION['session_start_time'] = time();
	} else {
		$_SESSION['session_count'] = $_SESSION['session_count'] + 1;
	}

	$session_timeout = 60; // enter number of seconds here for session to live (in sec) - 60 = 1 minute - 1800/60 = 30 min

	// Seconds elapsed since the previous request in this session
	$session_duration = time() - $_SESSION['session_start_time'];
	if ($session_duration > $session_timeout) {
		session_unset();
		session_destroy();
		session_start();
		session_regenerate_id(true);

		header("Location: index.php?signIn=1"); // Redirect to Login Page - index.php?signIn=1 - or whatever you wish
		$_SESSION['custom_err_msg'] = "Your session has expired !!! Please login again"; // Enter the session out prompt you want
	} else {
		// Still within the limit: record this request as the latest activity
		$_SESSION['session_start_time'] = time();
	}
}
?>

2. Include the session_keep.php file in hooks > footer-extras.php

<?php
include("$currDir/session_keep.php");
?>

3. Add the following code to hooks > header-extras.php (This is the message prompt seen on the upper part of the window)

<?php
if (isset($_SESSION['custom_err_msg'])) {
	$customError = '<div id="customErrorMessage" class="custmErrMsg alert alert-dismissable alert-danger">' . $_SESSION['custom_err_msg'] . '</div>';
	echo $customError;
	// The flag is set on the first display; on the next display the message is cleared
	if (isset($_SESSION['custom_err_shown']) && $_SESSION['custom_err_shown'] == 1) {
		unset($_SESSION['custom_err_msg']);
		$_SESSION['custom_err_shown'] = 0;
	}
	else {
		$_SESSION['custom_err_shown'] = 1;
	}
}
?>

That's all.
You can set the session out time in seconds in $session_timeout.
This session out will not work on the login page and guest access pages because they are not used by logged-in users.

Feel free to comment
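
An added example, not part of the original post or of AppGini: the check in session_keep.php is an idle timeout that is reset on every request, and this function goes one step further by pairing it with an absolute session lifetime. The key names `login_time` and `last_seen`, both limits and the timelines are assumptions constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Key names and limits are assumptions.
const IDLE_LIMIT = 1800;      // assumed: seconds allowed between two requests
const ABSOLUTE_LIMIT = 28800; // assumed: maximum session age, even for an active user

// Pure decision function: takes the stored session data and the current time and
// returns [status, updated session data] without touching $_SESSION or headers.
function check_session_timeout(array $session, int $now): array
{
    if (!isset($session['login_time'], $session['last_seen'])) {
        // First tracked request: record when the session began and was last used.
        return ['active', ['login_time' => $now, 'last_seen' => $now] + $session];
    }
    if ($now - $session['login_time'] > ABSOLUTE_LIMIT) {
        return ['expired_absolute', []];
    }
    if ($now - $session['last_seen'] > IDLE_LIMIT) {
        return ['expired_idle', []];
    }
    $session['last_seen'] = $now; // activity slides the idle window forward
    return ['active', $session];
}

// Replays request times (seconds after login) and returns [offset, status] for
// the request at which the session ended, or for the last request if it never did.
function replay(array $offsets, int $login_at): array
{
    $session = [];
    $status = 'active';
    $offset = 0;
    foreach ($offsets as $offset) {
        [$status, $session] = check_session_timeout($session, $login_at + $offset);
        if ($status !== 'active') {
            break;
        }
    }
    return [$offset, $status];
}

$login_at = 1700000000; // constructed timestamp

// Constructed timeline 1: the user pauses for 1900 s between two requests.
[$at, $status] = replay([0, 600, 2000, 3900, 4000], $login_at);
echo "timeline 1: $status at +{$at}s\n";

// Constructed timeline 2: a request every 1500 s, so the idle limit is never reached.
[$at, $status] = replay(range(0, 30000, 1500), $login_at);
echo "timeline 2: $status at +{$at}s\n";
```

In a hook, an expired status is the point where session_unset(), session_destroy() and the redirect would run. Note that header() only takes effect if no output has been sent yet or output buffering is active.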

marcelo
Posts: 10
Joined: 2020-07-29 15:26

Re: Improve Security (1) - Session Control for AppGini

Post by marcelo » 2021-04-30 18:41

Simply fantastic, congratulations on simplicity and efficiency.

Would it be possible to have them all moved in 1min and then in 5min?

The idea was to log out all users of the system and then log in again with their login.

SkayyHH
Veteran Member
Posts: 425
Joined: 2015-04-27 21:18

Re: Improve Security (1) - Session Control for AppGini

Post by SkayyHH » 2021-06-13 21:54

Hi,

This will not work with AppGini 5.97 for me. Can't log in to the app anymore.

Many greetings!

jmacdougall
Posts: 26
Joined: 2015-11-02 01:22

Re: Improve Security (1) - Session Control for AppGini

Post by jmacdougall » 2021-08-15 17:15

Same here. Has this been resolved anywhere?
Jeff MacDougall

onoehring
AppGini Super Hero
Posts: 1156
Joined: 2019-05-21 22:42
Location: Germany

Re: Improve Security (1) - Session Control for AppGini

Post by onoehring » 2021-08-22 10:05

Hi,

I'll try to answer marcelo's question:
"Would it be possible to have them all moved in 1min and then in 5min?"
Sure you can. Create a new table that only the admin has access to. Then add fields to hold the times when the logout should be done (1min, 5min).
In the provided code (if it works in the latest AG version) pull the settings from the table.
Also you need some counter: If it's the 1st value, after logout you will need to pull the 2nd value. The pulled value goes into the provided code where the time is being checked.
This should enable you to have different logout/expiration times. ... or I simply got you wrong.

Olaf

AhmedBR
AppGini Super Hero
Posts: 327
Joined: 2013-09-19 10:23

Re: Improve Security (1) - Session Control for AppGini

Post by AhmedBR » 2022-07-23 00:27

Hi everyone,

Does this work in the latest version 22.14? I tried but no luck.

Thanks
AppGini 22.14 - xampp 3.3.0 - PHP 7.4.30 - Summary reports - Calendar - Mass update - Messages - AppGiniHelper
