Covering a webpage with temporary login field

Question

I have a heavy ajax based web application. A single PHP file, codro.php is being loaded when the user logs in. All the rest on webpage is ajax based (buttons, navigation bar and so on).

After 30 minutes of inactivity the system will log the user out. If the user logs in the system again, he/she must navigate the certain working area in the application. So the user must repeat every step again.

Is it possible to create a cover of the webpage with login fields, so that when the user logs in the system, the cover just disappears and the user continues working at the same place where he/she was before logout?

Are there any other solutions for that issue? and what about security?

What about using `$_SERVER[HTTP_REFERRER]` or something like this, such as storing data in `$_SESSION`? — Muntashir Akon, Oct 22 '15 at 20:20

score 0 · Answer 1 · edited May 23 '17 at 10:27

Without any code it's hard to get a clear idea of how your code is running. I'm assuming you're using a session variable to determine whether the user is logged in or not.

The truth is that sessions close after a particular duration of being inactive. With that said you can increase the session duration. This may prove useful

Another option is you could send a cookie to let the client hold on to; however this isn't as secure as session.

If you want to approach the method you were asking about, you could set the page they were trying to navigate to using $_SERVER['REQUEST_URI'] and store it as a variable then navigate using header('Location: myLoginPage.php?oldURL=$oldURL')

So in the php file that's called be the AJAX would look something like this:

<?php
//Some other authenication code
if( !isset($_SESSION['userID']) ) {
    $oldURL = $_SERVER['REQUEST_URI'];
    header('Location: myLoginPage.php?oldURL=$oldURL');
    die; //stop running code
}
//Other code and functions
?>

Let me know if this helps!

Covering a webpage with temporary login field

1 Answers1