0

Sometimes, a user leaves an application without clicking on logout button, or do shutting down or hibernating of its Machine, or even close all sessions (pages) related to the application domain. So the server cannot knows that the user has been logged out! In our case, we have a "time spent on last session" parameter to check the time of the last session activated for each user.

We need to auto Logout the user when he leaves the application without doing logout action! Is there a process how to do it?

Dharman
  • 30,962
  • 25
  • 85
  • 135
Mouhamad Ounayssi
  • 351
  • 3
  • 19

3 Answers3

1

You could set a cron job on the server to check for stale sessions But this is not a great solution since you have to deploy another solution (cron job) with your project. The way I would do it is have a check_credentials.php file included in your project that runs right after your DB connection, you will then add two fields in your users table for your projects users called: session_id AND last_checkin. The process will work like so:

Login:

  1. A session is created and a session_id can be retrieved from PHP on first hit (not logged in yet)
  2. If the user authenticates save the session_id to DB with current timestamp as last_checkin

Then you can have all the users do stale session checks at every page request:

Page Query:

  1. Delete session_id's from all users where last_checkin is older than 10min.
  2. Check if my current session_id = db.session_id
  3. If session don't match log out and send user to login.php
  4. if session_id's match then update last_checkin
johan
  • 998
  • 6
  • 20
0

You can do something like ,

  1. Set a session once user has logged in to your Site.

    $_SESSION['last_activity_recorded'] = time();

    this will keep track the activity from user

  2. On every page update this session to updated time(ie current time)

  3. Check for inactivity from user (here 30 minutes) and take necessary steps in unsetting the login credentials(before updating the session on top of every page)

    if($_SESSION['last_activity_recorded'] < time()+30*60){ session_unset(); session_destroy(); }

Dimag Kharab
  • 4,439
  • 1
  • 24
  • 45
  • Ok, it's fine, clear and known, but how can we inform the database for the logout time, after closing windows or shutting down,...??? if no more call of any page for the application? – Mouhamad Ounayssi Apr 11 '14 at 11:06
0

Try this:

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 600)) {
    session_unset();
    session_destroy();
}
$_SESSION['LAST_ACTIVITY'] = time();

If $_SESSION['LAST_ACTIVITY'] > 600 no activity in last 600 seconds (10minutes) then destroy session.

d.abyss
  • 204
  • 1
  • 4
  • 26