PHP auto-logout after 10 mins of inactivity
Question
Currently I'm tracking time spent by user on website using PHP code mentioned below:
if (!isset($_SESSION[timeset1]))
{
$one_val = time();
$_SESSION[timeset_dummy]= $one_val;
$two_val = time()+1;
$_SESSION[units_all] = array
(
"year" => 29030400,
"month" => 2419200,
"week" => 604800,
"day" => 86400,
"hr" => 3600,
"min" => 60,
"sec" => 1
);
}
else
{
$two_val = time();
}
$diff = abs($two_val - $_SESSION[timeset_dummy]);
foreach($_SESSION[units_all] as $unit => $mult)
if($diff >= $mult)
{
$output .= " ".intval($diff / $mult)." ".$unit.((intval($diff / $mult) == 1) ? ("") : ("s"));
$diff -= intval($diff / $mult) * $mult;
}
I want to give pop-up to users after 8 mins of inactivity that session will expire in next 2 mins. Can you please suggest how can I show pop-up (preferably without using Javascript, nice to have with CSS3 & HTML5) . Pop-Up will have warning message "Do you want to continue" and one button "Yes" , if button is not clicked for 2 mins automatically page logout script (PHP) will be executed.
Any pointers to to get this logic implemented.
4 answers
solution1
6 2013-08-17 14:10:28
I found a jQuery plugin that looks like it will make your life easier. It is called jquery-idleTimeout.
The plugin has a few configuration items so you can customize it for your own needs…
- inactivity: 1200000 //20 Minute default (how long before showing the notice)
- sessionAlive: 300000, //5 minutes default how often to hit alive_url, we use for our ajax * interfaces where the page doesn't change very often. This helps to prevent the logout screen of your app appearing in ajax callbacks. If you set this to false it won't send off.
- alive_url: '/path/to/your/imHere/url', //send alive ping to this url
- redirect_url: '/js_sandbox/', //Where to go when log out
- click_reset: true, //Reset timeout on clicks (for ajax interface) – resets the sessionAlive timer, so we are not hitting up your app with alive_url if we just did an ajax call for another reason.
- logout_url: '/js_sandbox/timedLogout/index.html' //logout before redirect (url so you can completely destroy the session before redirecting to login screen)
Here is a link to the github page to download the library.
https://github.com/philpalmieri/jquery-idleTimeout
Edit
Something I also noticed while looking at the source code, they are using jquery-ui as their stylesheet to make it look like it does in the demo.
solution2
4 2013-08-17 14:39:28
As far as I know, you cannot achieve what you are looking for without javascript. The browser needs javascript to know when to open the pop-up. You can use whatever means you want to check for timeout, either the basic window.setTimeout or a more advanced library (like the one in tehAon's answer).
Since I cannot post a comment I'm going to ask here: your code seems awfully complicated for checking if a user is still active. Is there any particular reason you could not use something like this:
$_SESSION['last_activity'] = time();
function check_if_logged_in() {
if(time() - $_SESSION['last_activity'] > 600) { // 10 minutes but you could use 480 for 8 minutes
// Do redirect or take other action here
}
}
solution3
0 2014-07-10 20:46:01
if(time() - $_SESSION['timestamp'] > 900) { //15 minute subtract new timestamp from the old one
$_SESSION['logged_in'] = false;
session_destroy();
header("Location: " . index.php); //redirect to index.php
exit;
} else {
$_SESSION['timestamp'] = time(); //set new timestamp
}
solution4
0 2016-02-22 17:56:25
This is quite easy with php session variable.
set $_SESSION variable with timestamp and check with the action time
<?php
session_start();
if(time()-$_SESSION['time']>600)
unset($_SESSION['time']);
else
$_SESSION['time']=time();//updating with latest timestamp
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.