Home/ Questions/Q 7935705
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T22:00:24+00:00

I have a webpage. The authentication to the webpage is handled by a ldap

  • 0

I have a webpage. The authentication to the webpage is handled by a ldap server I have set up. Now I wan`t to implement sessions, so that when a user is inactive for a period of time (in the case below, 10 seconds), the session will end and the user will unbind from the ldap server. I found this excerpt of code:

<?php
    session_cache_expire(20);

    session_start(); 
    $inactive = 10;
    if(isset($_SESSION['start'])) {
        $session_life = time() - $_SESSION['start'];
        if($session_life > $inactive){
            header("Location: endSession.php"); 

        }
    }
    $_SESSION['start'] = time();
?>

It is not working. If I refresh the page it redirects me to my ‘endSession.php’ page, even if I`m active.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    function check_auth_ldap () {

  $sessionTimeoutSecs = 10;
  $ldapServer = '11.22.33.44';
  $ldapPort = 389;

  if (!isset($_SESSION)) session_start();

  if (!empty($_SESSION['lastactivity']) && $_SESSION['lastactivity'] > time() - $sessionTimeoutSecs && !isset($_GET['logout'])) {

    // Session is already authenticated
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_SESSION['username'], $_SESSION['password'])) {
      $_SESSION['lastactivity'] = time();
      return $ds;
    } else {
      unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
      header("Location: endSession.php");
      exit;
    }

  } else if (isset($_POST['username'], $_POST['password'])) {

    // Handle login requests
    $ds = ldap_connect($ldapServer, $ldapPort);
    if (ldap_bind($ds, $_POST['username'], $_POST['password'])) {
      // Successful auth
      $_SESSION['lastactivity'] = time();
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
      return $ds;
    } else {
      // Auth failed
      header("Location: endSession.php");
      exit;
    }

  } else {

    // Session has expired or a logout was requested
    unset($_SESSION['lastactivity'], $_SESSION['username'], $_SESSION['password']);
    header("Location: endSession.php");
    exit;

  }

}

    Just call the above function at the top of every protected page. This will handle all the authentication processes. It will return the LDAP connection resource if the user is authenticated, and redirect them to endSession.php if they are not.

    Just place this line at the top of each page:

    $ds = check_auth_ldap();

    …and the function will do all the legwork for you.

    • 0