1

Does anyone know where I can read a tutorial on, or know how to create a Javascript-based session timeout that has a warning built in, and optionally these features:

  • user activity resets the timer
  • interacts with database (last seen on, etc.)
  • if inactive, it will log out users (by redirecting to a logout.php page)
  • before it logs users out, it will display a popup message that asks if they want to continue

Unfortunately, I don't know too much about Javascript.

Mateng
  • 3,742
  • 5
  • 37
  • 64
kdjernigan
  • 309
  • 2
  • 5
  • 14
  • Javascript is completely client-side; if you depend on any amount of security with what you suggest, it will not be safe in any way. Client-side code is not only editable, but can also be disabled.. Also allowing javascript to communicate with a database directly is very unwise, due to the same reasons.. – Luceos Jul 18 '12 at 10:00
  • What I am using this for is after an admin logs in. This code will not be available to public, and they have to log in through PHP and be on the database to even log in. But is there another alternative to a timeout feature that is more secure? – kdjernigan Jul 18 '12 at 10:08

2 Answers2

6

I don't know how your website is done, but if done right, you should have a log in session and some sort of back end control system that denies any action if the previous action was made X minutes/hours ago and automatically expires the user. If you want to implement some client side code, you should have a javascript timer that alerts the user when expire time is about to be complete and you can also redirect the user to the homepage or log in page after the expire time is reached. This way all security features are on the back end and the javascript only works as a display measure for the display behavior.

UPDATE:

setInterval(function(){alert("Hey, your session is ending")},360000);

setInterval(function(){
    redirect();
},720000);

function redirect(){
    document.location = "../logout.php"
}

UPDATE2:

setInterval(function(){
    logout();
},600000);

function logout(){
    if(confirm('Logout?'))
        redirect();
    else
        alert('OK! keeping you logged in')
}

function redirect(){
    document.location = "../logout.php"
}

Every page with this code will ask after 10 minutes if the user wants to logout. This means your session cannot expire by itself, you must leave the control to the user

richardwhitney
  • 506
  • 1
  • 6
  • 21
JSantos
  • 1,698
  • 22
  • 39
  • 1
    my question currently asks where i can find the code to exactly what you just said...you basically repeated my question.... – kdjernigan Jul 18 '12 at 10:51
  • The client side or server side? Server side really depends on your implementation. Client side is just as I said, using javascript timer: check update answer – JSantos Jul 18 '12 at 12:26
  • @kdjernigan is that what you're looking for? – JSantos Jul 18 '12 at 12:46
  • Yes, except is there a way that it could allow them to have 2 options, continue session and log out? – kdjernigan Jul 18 '12 at 14:27
  • 1
    How did it go? Don't forget to close your answer when you're finished – JSantos Jul 23 '12 at 13:13
  • This works as a basic hint for users. I am currently trying to wire it with my php session handling, as the JS counter is reset every time the page is reloaded. – Mateng Dec 12 '12 at 18:32
  • Usualy that's the point Mateng. Usualy the system should auto logout on idle, but here the asker specificaly said he wanted the user confirmation. Why would you want this to be handled by PHP? So you would click a link and then be pronped to log out? The objective is for the counter to be reset everytime you have a confirmation that the user is online – JSantos Dec 18 '12 at 10:11
0

Session Logout after 5 minutes

<script type="text/javascript">
        var interval;
         $(document).on('mousemove', function () {
             clearInterval(interval);
             var coutdown = 5 * 60, $timer = $('.timer'); // After 5 minutes session expired  (mouse button click code)
             $timer.text(coutdown);
             interval = setInterval(function () {
                 $timer.text(--coutdown);

                 if (coutdown === 0) {

                     alert("Session expired. User successfully logged out.");
                     window.location = "UserLogin.php";
                 }

             }, 1000);
         }).mousemove();

         var interval;
                     $(document).on('keydown', function () {
             clearInterval(interval);
             var coutdown =5 * 60, $timer = $('.timer'); // After 5 minutes session expired (keyboard button press code)
             $timer.text(coutdown);
             interval = setInterval(function () {
                 $timer.text(--coutdown);

                 if (coutdown === 0) {

                     alert("Session expired User successfully logout.");
                     window.location = "UserLogin.php";
                 }

             }, 1000);
         }).mousemove();
    <script>



         <html>
            <div class="timer">
                 Time of session display on page 
            </div>
        </html>
Ahsan
  • 3
  • 7
  • Did you write this code? If not, a link will be very helpful as OP is looking for more explanations aside from the code itself, in order to learn to do it himself. – TamaMcGlinn Sep 17 '19 at 10:01
  • No, that my code,This is not copied @TamaMcGlinn – Ahsan Nov 05 '21 at 07:41