how to auto logout using $_SESSION or js timer?

i read up on the topic but have no idea where to start what will the first step be? i have this code that gets called first: rclayout.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <?php include_http_metas() ?>
    <?php include_metas() ?>
    <?php include_title() ?>
    <link rel="shortcut icon" href="/favicon.ico" />
    <?php use_stylesheet('rainbow.css');  ?>
    <?php use_javascript('rainbow.js'); ?>
    <?php include_stylesheets(); ?> 
    <?php include_javascripts(); ?>
</head>
<body onload='ax_startup();'>   
<center>
    <?php
       echo "<div id='div_main_container_rc'>"; 
    ?>
<div id='div_header_container_rc'>
   <?php include_component('profile','header'); ?>
</div>
    <?php       
            echo "<div id='div_content_container_rc'>";
            echo $sf_content;
            echo "</div>";
            echo "<div id='div_footer'>";
    ?>
   //show a footer menu here
</div>  
</div> 
</center>
 </body>
 </html>

then _header.php is where it checks if a user is logged in:

<?php
$USR_IS_ADMIN = false;
$USR_AUTH     = false;

if($sf_user->hasAttribute('ADMIN'))
{
    $USR_IS_ADMIN = true;
}
    $id = $sf_user->getAttribute('profile_id');
开发者_如何转开发
    if($sf_user->hasAttribute('profile_id') > 0)
{   
      $profile = RcProfileTablePeer::getById($id);
      $activated = $profile->getActivated();
       if($activated == 1)
       {
        //echo "activated".$activated;
        $USR_AUTH = true;
       }
       else
       {
        //echo "NOT activated".$activated;
    $USR_AUTH = false;
        }
}
   ?>
   <?php if(!$USR_AUTH) : ?>
       //show a specific menu here   
   <?php endif;?>

  <?php if($USR_AUTH):?>
      //show a different menu here pertaining to logged in user
  <?php endif;?>

my UPDATED factories.yml file:

prod:
  logger:
  class:   sfNoLogger
  param:
    level:   err
    loggers: ~

test:
  storage:
  class: sfSessionTestStorage
  param:
    session_path: %SF_TEST_CACHE_DIR%/sessions

response: 
  class: sfWebResponse
  param:
    send_http_headers: false

mailer:
  param:
    delivery_strategy: none

dev:
  mailer:
  param:
    delivery_strategy: none

all:
  routing:
  class: sfPatternRouting
  param:
    generate_shortest_url:            true
    extra_parameters_as_query_string: true

  view_cache_manager:
    class: sfViewCacheManager
    param:
      cache_key_use_vary_headers: true
      cache_key_use_host_name:    true

user:
  param:
     timeout: 300

where must i start how will i do this? i dont see a session set anywhere do i configure the php.ini file and if so how? or do i do this with a session?

please help? thank you

---

Just destroy your session vars when you want with session_destroy(). if you don't know which session vars are set you can use something like this to print them out

 <?php 
 session_start(); 
 Print_r ($_SESSION);
 ?>

If you want to logout an user you need to unset() the user id too have a look to the php manual

http://php.net/manual/en/function.session-destroy.php (read description)

---

By default PHP uses the PHP session mechanism. This session is configurated through the factories.yml. The default configuration is like this:

  user:
    class: myUser
    param:
      timeout:         1800
      logging:         %SF_LOGGING_ENABLED%
      use_flash:       true
      default_culture: %SF_DEFAULT_CULTURE%

So, by default, the session will automatically time out after 1800 seconds (= 30 minutes).

Your own factories.yml overrides the default factories.yml from Symfony (which can be found in /lib/vendor/symfony/lib/config). In that factories.ymlthe user factory is defined like above. So if that configuration is sufficient for you, you don't have to anything. If you want to change the timeout, you can override the appropriate lines in your ownfactories.yml. In that case you can add to following lines to your ownfactories.yml`:

  user:
    param:
      timeout:         900  # log out after 15 minutes

Oh, and I really, strongly, recommend you to keep the logic out of the view in _header.php. All the PHP code with the if/else structures should be in the components.class.php, and te view (_header.php) should be only view data.

So something like this:

Controller:

// components.class.php
public function executeHeader() {

    // code here...
    $this->isAuthenticated = true/false;
} 

View:

 <?php if ($isAuthenticated): ?>
 ...
 <?php enif; ?>
 <?php if (!$isAuthenticated): ?>
 ...
 <?php enif; ?>

Much cleaner, and it seperates the view from the logic... :-)