Improve Security (1) - Session Control for AppGini

sathukorala
AppGini Super Hero
Posts: 121
Joined: 2020-02-16 16:29

Post by sathukorala » 2020-05-10 08:42

In this post, I will show you how to implement user session control for AppGini, which will give you added security for your apps.


Follow the steps below:

1. Create a file called session_keep.php in the main folder with the following code (you can create a file with any name)

Code:

<?php
$script_name = basename($_SERVER['PHP_SELF']);
$user = getLoggedMemberID();

// this prevents session out in login page and guest access pages
if (($script_name == 'index.php' && (isset($_GET['signIn']) || isset($_GET['loginFailed']))) || $user == "guest") {
	session_unset();
	session_destroy();
}
else {
	// start a session only if one is not already active (avoids a notice)
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_start();
	}

	// empty() also covers the first request, when the counter is not set yet
	if (empty($_SESSION['session_count'])) {
		$_SESSION['session_count'] = 1;
		$_SESSION['session_start_time'] = time();
	} else {
		$_SESSION['session_count'] = $_SESSION['session_count'] + 1;
	}

	$session_timeout = 60; // session lifetime in seconds: 60 = 1 minute, 1800 = 30 minutes

	// time since the previous request of this session
	$session_duration = time() - $_SESSION['session_start_time'];
	if ($session_duration > $session_timeout) {
		// expired: discard the old session and open a fresh one for the message
		session_unset();
		session_destroy();
		session_start();
		session_regenerate_id(true);

		header("Location: index.php?signIn=1"); // Redirect to Login Page - index.php?signIn=1 - or whatever you wish
		$_SESSION['custom_err_msg'] = "Your session has expired !!! Please login again"; // Enter the session out prompt you want
	} else {
		// still valid: restart the clock from this request
		$_SESSION['session_start_time'] = time();
	}
}
?>

2. Include the session_keep.php file in hooks > footer-extras.php

Code:

<?php
include("$currDir/session_keep.php");
?>

3. Add the following code to hooks > header-extras.php (This is the message prompt seen on the upper part of the window)

Code:

<?php
if (isset($_SESSION['custom_err_msg'])) {
	$customError = '<div id="customErrorMessage" class="custmErrMsg alert alert-dismissable alert-danger">' . $_SESSION['custom_err_msg'] . '</div>';
	echo $customError;
	// the first display sets the flag; the next display clears the message
	// !empty() also covers the case where the flag has never been set
	if (!empty($_SESSION['custom_err_shown'])) {
		unset($_SESSION['custom_err_msg']);
		$_SESSION['custom_err_shown'] = 0;
	}
	else {
		$_SESSION['custom_err_shown'] = 1;
	}
}
?>

That's all.
You can set the session out time in seconds in $session_timeout.
This session out will not work on the login page and guest access pages because they are not used by logged-in users.

Feel free to comment
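
An added example (not part of sathukorala's post and not AppGini code): the idle timeout from the post written as a function that can be exercised on its own, extended with an absolute lifetime so that a session kept busy still ends. The function names, the `age` session key and the 28800-second default are assumptions; `custom_err_msg` and the `index.php?signIn=1` redirect are taken from the post, and `enforce_session_age()` is assumed to be called before any output is sent.

```php
<?php
// Added example. All names are hypothetical except custom_err_msg and the
// redirect target, which come from the post above.

// Decide whether a session may continue. $s holds the two timestamps and is
// updated in place. Returns 'ok', 'idle' or 'absolute'.
function check_session_age(array &$s, int $now, int $idle, int $absolute): string
{
    if (!isset($s['created_at'], $s['last_seen'])) {
        $s['created_at'] = $s['last_seen'] = $now; // first request: start both clocks
        return 'ok';
    }
    if ($now - $s['created_at'] > $absolute) {
        return 'absolute'; // too old, however active it has been
    }
    if ($now - $s['last_seen'] > $idle) {
        return 'idle'; // no request within the idle window
    }
    $s['last_seen'] = $now; // activity resets only the idle clock
    return 'ok';
}

// Apply the decision to the live PHP session (assumed: no output sent yet).
function enforce_session_age(int $idle = 1800, int $absolute = 28800): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $state = $_SESSION['age'] ?? [];
    if (check_session_age($state, time(), $idle, $absolute) === 'ok') {
        $_SESSION['age'] = $state;
        return;
    }
    $_SESSION = [];              // drop all data of the expired session
    session_regenerate_id(true); // new id, old session storage deleted
    $_SESSION['custom_err_msg'] = 'Your session has expired. Please log in again.';
    header('Location: index.php?signIn=1');
    exit;
}

// Constructed walk-through (CLI only): one request every 50 s with an idle
// limit of 60 s and an absolute limit of 300 s.
if (PHP_SAPI === 'cli') {
    $s = [];
    foreach ([0, 50, 100, 150, 200, 250, 300, 350] as $t) {
        printf("t=%3d %s\n", $t, check_session_age($s, $t, 60, 300));
    }
}
```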

Jay Webb
Veteran Member
Posts: 80
Joined: 2017-08-26 15:27

Re: Improve Security (1) - Session Control for AppGini

Post by Jay Webb » 2020-05-16 00:14

Thanks for this sathukorala, fantastic addition.
What we envision, we make happen.

dharbitindy
Veteran Member
Posts: 101
Joined: 2019-05-26 18:38

Re: Improve Security (1) - Session Control for AppGini

Post by dharbitindy » 2020-05-28 03:44

Works great! Thank you for sharing indeed...

David

jmacdougall
Posts: 26
Joined: 2015-11-02 01:22

Re: Improve Security (1) - Session Control for AppGini

Post by jmacdougall » 2021-08-15 16:54

I try to log in now and it just loops me back. I am also using your CAPTCHA v2 checkbox. My AG is v5.97 rev 1142.

Here is my link... h t t p s://ccshelpdesk dot com
Jeff MacDougall

jmacdougall
Posts: 26
Joined: 2015-11-02 01:22

Re: Improve Security (1) - Session Control for AppGini

Post by jmacdougall » 2021-08-16 11:31

I ended up removing this function for now so I can work on my project. I will for now, but would like to know if this can be resolved. Thanks for your efforts!
Jeff MacDougall
