
Improve Security (1) - Session Control for AppGini

Posted: 2020-05-10 08:36
by sathukorala
In this, I will show you how to implement user session control for AppGini, which will give you added security for your apps.

Follow the steps below:

1. Create a file called session_keep.php in the main folder with the following code (you can create a file with any name)

Code:

<?php
$script_name = basename($_SERVER['PHP_SELF']);
$user = getLoggedMemberID();

// this prevents session out in login page and guest access pages
if (($script_name == 'index.php' && (isset($_GET['signIn']) || isset($_GET['loginFailed']))) || $user == "guest") {
	if (session_status() === PHP_SESSION_ACTIVE) { // avoid warnings when no session is open
		session_unset();
		session_destroy();
	}
}
else {
	if (session_status() === PHP_SESSION_NONE) { // do not start a session if one is already running
		session_start();
	}

	// first tracked request: start the counter and the activity clock
	if (empty($_SESSION['session_count'])) {
		$_SESSION['session_count'] = 1;
		$_SESSION['session_start_time'] = time();
	} else {
		$_SESSION['session_count'] = $_SESSION['session_count'] + 1;
	}

	$session_timeout = 60; // enter number of seconds here for session to live (in sec) - 60 = 1 minute - 1800/60 = 30 min

	// seconds since the previous tracked request
	$session_duration = time() - $_SESSION['session_start_time'];
	if ($session_duration > $session_timeout) {
		session_unset();
		session_destroy();
		session_start();
		session_regenerate_id(true);

		// store the message in the new session, then redirect
		$_SESSION['custom_err_msg'] = "Your session has expired !!! Please login again"; // Enter the session out prompt you want
		header("Location: index.php?signIn=1"); // Redirect to Login Page - index.php?signIn=1 - or whatever you wish
	} else {
		$_SESSION['session_start_time'] = time(); // still active: restart the clock
	}
}
?>

2. Include the session_keep.php file in hooks > footer-extras.php

Code:

<?php
include("$currDir/session_keep.php");
?>

3. Add the following code to hooks > header-extras.php (This is the message prompt seen on the upper part of the window)

Code:

<?php
if (isset($_SESSION['custom_err_msg'])) {
	// escape the message before writing it into the page
	$customError = '<div id="customErrorMessage" class="custmErrMsg alert alert-dismissable alert-danger">' . htmlspecialchars($_SESSION['custom_err_msg']) . '</div>';
	echo $customError;
	// the message is shown on two page loads, then cleared
	if (!empty($_SESSION['custom_err_shown'])) {
		unset($_SESSION['custom_err_msg']);
		$_SESSION['custom_err_shown'] = 0;
	}
	else {
		$_SESSION['custom_err_shown'] = 1;
	}
}
?>

That's all.
You can set the session out time in seconds in $session_timeout.
This session out will not work on the login page and guest access pages because they are not used by logged-in users.

Feel free to comment
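
The idle-timeout check from the post above, extended with an absolute session lifetime and written so the decision can be exercised on plain arrays. This is an added example, not code from the original post or from AppGini. The session keys `login_time` and `last_seen`, both limits and the function names are assumptions; `custom_err_msg` and `index.php?signIn=1` are taken from the post.

```php
<?php
// Added example, not AppGini's or the poster's code; key names and limits are assumptions.
const IDLE_LIMIT = 1800;      // assumed: 30 minutes without a request
const ABSOLUTE_LIMIT = 28800; // assumed: 8 hours since login, regardless of activity

// Decide the state of a session array: 'active', 'idle_expired' or 'absolute_expired'.
function session_timeout_state(array &$s, int $now, int $idle = IDLE_LIMIT, int $absolute = ABSOLUTE_LIMIT): string
{
    if (!isset($s['login_time'], $s['last_seen'])) { // first tracked request: start both clocks
        $s['login_time'] = $s['last_seen'] = $now;
        return 'active';
    }
    if ($now - $s['login_time'] > $absolute) {
        return 'absolute_expired'; // activity cannot extend a session past this point
    }
    if ($now - $s['last_seen'] > $idle) {
        return 'idle_expired';
    }
    $s['last_seen'] = $now; // sliding window: only a request inside the limit extends it
    return 'active';
}

// Apply the decision to the real PHP session; must run before any page output.
function enforce_session_timeout(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (session_timeout_state($_SESSION, time()) !== 'active') {
        $_SESSION = [];              // drop everything stored for the old session
        session_regenerate_id(true); // issue a new ID and delete the old session data
        $_SESSION['custom_err_msg'] = 'Your session has expired. Please log in again.';
        header('Location: index.php?signIn=1');
        exit;                        // nothing else is rendered for the expired session
    }
}

// Constructed demo on a plain array (runs only when this file is executed from the CLI).
if (PHP_SAPI === 'cli' && realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    $s = [];
    $t0 = 1000000;                                            // constructed timestamp
    echo session_timeout_state($s, $t0), "\n";                // first request
    echo session_timeout_state($s, $t0 + 1700), "\n";         // request inside the idle limit
    echo session_timeout_state($s, $t0 + 1700 + 1801), "\n";  // 1801 s of silence
    $s['last_seen'] = $t0 + 28790;                            // pretend the user stayed busy
    echo session_timeout_state($s, $t0 + 28801), "\n";        // more than 8 h after login
}
```

Because `enforce_session_timeout()` sends a redirect header, it only works if it is called before the page has produced output.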

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-04-30 18:41
by marcelo
Simply fantastic, congratulations on simplicity and efficiency.

Would it be possible to have them all moved in 1min and then in 5min?

The idea was to log out all users of the system and then log in again with their login.

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-06-13 21:54
by SkayyHH
Hi,

This will not work with AppGini 5.97 for me. Can't log in to the app anymore.

Many greetings!

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-08-15 17:15
by jmacdougall
Same here. Has this been resolved anywhere?

Re: Improve Security (1) - Session Control for AppGini

Posted: 2021-08-22 10:05
by onoehring
Hi,

I try to answer marcelo's question:
"Would it be possible to have them all moved in 1min and then in 5min?"
Sure you can. Create a new table where only the admin has access to. Then, fields to hold the times when the logout should be done (1min, 5min).
In the provided code (if it works in the latest AG version) pull the settings from the table.
Also you need some counter: If it's the 1st value, after logout you will need to pull the 2nd value. The pulled value goes into the provided code where the time is being checked.
This should enable you to have different logout/expiration times. ... or I simply got you wrong.

Olaf

Re: Improve Security (1) - Session Control for AppGini

Posted: 2022-07-23 00:27
by AhmedBR
Hi everyone,

Does this work in the latest version 22.14? I tried but no luck.

Thanks