Sessions expire on single page website

Question

I have created a single page website where users need to login to. The time users are on this page can differ, they have to make a selection of products which might take from 15 minutes to a couple of hours.

After the selection is completed, the selection is send by e-mail with using an AJAX call to send the e-mail. In this AJAX call the $_SESSION['user_id'] is used to identify the user, so we know from who the selection is comming.

If the user takes longer then 1440 seconds (24 min) the session expire. Now I changed the session timeout to 3 hours, but the problem still exists. I hardly can't imagine that someone takes longer than 3 hours. But they probably do. Maybe the users loges in, does some groceries and continues.

So how would I be able to fix this problem? I thought of using a AJAX call every 5 minutes in the hope the session timeout time will be reset. But I don't know if that works and if that is the way to fix this issue.

have you started session on the top of the page like `session_start();` — Satish Sharma, Aug 21 '14 at 06:59
See: http://stackoverflow.com/questions/3476538/php-sessions-timing-out-too-quickly — Yorick, Aug 21 '14 at 06:59
@SKRocks, yes I have started the session after the user is logged in. The login page is a differte page and the user is redirected to another page after login. That page does a `session_start()`. — Timo002, Aug 21 '14 at 07:00
just keep your session alive by sending some request to the server periodically. — bansi, Aug 21 '14 at 07:02
@SKRocks, yes, all pages. First line in my include.php file that is included in every file on the website. — Timo002, Aug 21 '14 at 07:03
@RST, I have thought of that, and that will fix my issue (if users don't mess it up). So it could be a quick and dirty fix. But it doesn't solve the real issue. — Timo002, Aug 21 '14 at 07:08
I followed the answer in this question (http://stackoverflow.com/questions/3476538/php-sessions-timing-out-too-quickly) as mentioned by Yorick! Hope this works, time will tell! — Timo002, Aug 21 '14 at 08:35

Smruti Singh · Answer 1 · 2014-08-21T07:15:42.573

NOTE: I have edited the answer. Check it out fully. 
      First time I missed some points

I have a solution..

Though it is a bit tricky one.

If a user is inside a page, if he is idle, then his mouse wont be moving..

You can do a thing is that on mousemove u can call a ajax function which will set the timeof the mousemove into the database corressponding to the user.

Say the user table be loke this

|-----------------------------------------------|
|   id   |    last_active_time  |  login_status |
|-----------------------------------------------|
|    3   |        1243236456    |      1        |
|-----------------------------------------------|

where last_activity_contains php timestamp provided by time(); and login_status = 1 of user is logged in and login_status = 0 if user is not logged in.

When a user logs in and his session starts, 
          change the login_status = 1,
When user manualy logs out change login_status = 0. 
So from backend side, you can also check whether a user is 
logged in w.r.t the value of login_side

Now on each mousemove this value will be updated.

Now you have to run a cron j0b from the server which will call a php file which in turn will check whther the difference between the mousemove time and the current time than 30 minutes or not..

If its more than 30 minutes then set the login_status to 0.

EDIT:

You can change the 30 minutes frame to 1 or 2 hour.
The other solution is put another ajax call in every 10 minutes, which will check if
the login_status is 0 or 1. If the login status is 1 then the session will again be 
refreshed and as such the time_out will again start for next timeout session,

I understand what you've written. But that will logout the user and I don't want the user to be logged out. The session must keep existing, even after 1 hour of inactivity. — Timo002, Aug 21 '14 at 07:10

Sessions expire on single page website

1 Answers1