移动浏览器的Javascript / PHP页面超时

Question

I'm working on a mobile based web application that's mostly AJAX and Javascript powered. To access the main page a login page sends the data via post to the main page where it is checked with a mySQL query. If there's a problem with the login it will return you to the login page, else it will continue to the main page. I'm trying to find the best way to implement a time out to force a user to re-authenticate past a threshold.

Everything is controlled from the main page via jQuery and AJAX so they don't leave main.html at any point. My issue is how do mobile browsers handle being minimized or closed? For example I'm using Chrome on my Android device and I login to the web app. I do some actions and then minimize the browser to do other things on my phone. 3 hours later I open up Chrome with the tab still on the page and continue on with what I was doing earlier on the page. How can I intercept that and force them back to the login page after that time? I was thinking about storing the login time in a cookie and running a check against it every time a function is called but that doesn't seem very elegant.

Answer 1

Use session. Not use cookie. I think you miss some issues about PHP.

Answer 2

Cookies can always be changed.

This should be very simple if you're using PHP, just keep track of the last action performed:

$_SESSION['last_action'] = time();

Then, when there is an Ajax request to your server, check that value. If it's too long ago, force the user to login again (so, the response would return some value indicating that you need to show the login screen again).

I assume that you now how sessions work and you do start_session() etc..

You can also set an expiry date on your session if you don't mind doing that, but it might not be reliable .