Session Expire Message

[eluser]ShoKatoo[/eluser]
I need a custom message for one of my apps. Normally, when one user loggs off I add a piece of flashdata that indicates that, and after the redirect to login page, based on that flashdata I throw a "you have succssefully logged out..." message.
My question: how could I throw a "you have been automatically logged off for security reasons" message?

[eluser]WanWizard[/eluser]
Difficult to do with sessions alone, as there is no difference between an empty session because it's a new user, or because the users session expired.

You could use a second cookie to indicate the logged-in state. Create it when the user logs in, delete it when the user logs out, and use the same expiration as for the session cookie.

Then if the cookie exists but the session is empty, display your message (and delete the cookie).

[eluser]ShoKatoo[/eluser]
Could't the session class be made to set a flashdata when it detects the session to be expired?

[eluser]WanWizard[/eluser]
No.

Technically, it's not the session that expires, it's the session cookie that holds the ID of the session. When the cookie expires, the browser deletes it. Next request, the application doesn't see the cookie, so it creates a new session. The old record is still there, but it can't be associated with the user anymore.

You could solve that by not using the cookie expiration. Set the expiration so that the session never (or after your desired expiration time) expires. Then store your expiration timestamp in a session variable. On a page load, check this variable, if the session is expired, delete all fields related to a login (or destroy the session), and redirect with your message.

[eluser]ShoKatoo[/eluser]
You now... that could really work... with a few minor tweaks...
10x dude