Noozer wrote:

User opens a page. A session starts and they are asked to log in. They spend 30 minutes reading the page, then clicks a link. Since they were on the page for 20+ minutes their session ended. At that point they are asked to log in, and then taken to their chosen page as if never interrupted.

Reasonably easy, yes. This example is in PHP, but the same idea should work for other languages. At the top of every page that requires authorisation:


<?php require_once "checkauth.php"; 1?>

In checkauth.php, do this:


<?php
function check_is_logged_in ()
{
	// Write this function yourself.
	// Return TRUE if logged in.
	// FALSE otherwise.
}

if (!check_is_logged_in())
{
	$me = $_SERVER['REQUEST_URI'];
	$script = "http://{$_SERVER['HTTP_HOST']}/login.php";
	$url = "{$script}?referer=".urlencode($me);
	header("HTTP/1.1 303 See Other");
	header("Location: {$url}");
}	
1?>

In login.php, do this:


<?php
$error_msg = '';
$u = stripslashes($_POST['username']);
$p = stripslashes($_POST['password']);
$r = stripslashes($_POST['referer']);

function check_pass ($username, $password)
{
	// Write this function yourself.
	// Return TRUE if password is ok.
	// FALSE otherwise.

	// Set a cookie or something that can
	// be checked by the check_is_logged_in()
	// function.
}

if (isset($u))
{
	if (check_pass($u, $p))
	{
		$url = "http://{$_SERVER['HTTP_HOST']}/{$r}";
		header("HTTP/1.1 303 See Other");
		header("Location: {$url}");
		exit();
	}

	else
		$error_msg = '<p>Password wrong.</p>';
}
489?>