1

This code works perfectly when user press refresh after 30 sec of page inactivity, but i need some code to automatic destroy sassion and refresh page after 30 seconds of inactivity.

  <?php
    $inactive = 30;
    ini_set('session.gc_maxlifetime', $inactive);
    session_start();

    if (isset($_SESSION['testing']) && time() - $_SESSION['testing'] > $inactive) {
        session_unset();     // unset $_SESSION variable for this page
        session_destroy();   // destroy session data
     echo "<br><br>Sorry, you can't go any further!!!";
     echo "<br>Please log in.";
     echo "<br/><a href='index.php'>Go back to login page</a>";
    }else{
    //Here is some code to do when the session is still active
    }

    $_SESSION['testing'] = time();
    ?>
Marko Katic
  • 63
  • 1
  • 9
  • You can use js `setTimeout('windows.location = index.php', 30000)` but I bad know js – Naumov Feb 27 '16 at 21:14
  • This doesn't do job for me because even if i click on page or scroll page, or mouse move or typing on input field, this function will run anyway. I need to START COUNTING time when user stops interact and go away from mouse and keybord. – Marko Katic Feb 27 '16 at 21:32
  • You can use event mousemove on document if mouse stop set start counting – Naumov Feb 27 '16 at 21:45
  • ok this is much better and closer answer that i want, but i need some keyboard event too(e.x. if user typing something into the input field) if stop keyboard typing(on press button) to start counting timer, and how to implement that events for mouse and keyboard into the code? thx – Marko Katic Feb 27 '16 at 21:53
  • Sorry I bad know java script and English but. keyboard exist event `keydown` and `keyup` – Naumov Feb 27 '16 at 21:56

1 Answers1

5

There are a few ways to approach this depending on how you want the user to be notified - if you simply want the page to be reloaded after the time has expired - this will work:

<meta http-equiv="refresh" content="30" >

if placed in the head tag of the page - basically this will cause the page to refresh after 30 seconds - which will cause your PHP code to execute again, which will produce the effect you want.

If you want a better user experience - i.e. not making the page just refresh but giving the user some kind of warning / prompt that something is about to expire - you need to use javascript - something like this would work (inside of a script tag on your page):

setTimeout(runAfterThirty, 30000);

function runAfterThirty() {
    alert("Your session expired - I am going to refresh the page now");
    location.reload(); 
}

inside of your function, you could put anything you want - you would most likely want something that changes the page rather than refreshes it.

Either way, the page is refreshed by the javascript, which means that your PHP code can execute. You should destroy the session with PHP.

You can achieve this slightly differently if you wish - by calling an AJAX request that will hit a page that is designed to destroy the session - however it looks like, based on your code - this is not needed - however an approach that used AJAX would mean the user's page did not need to refresh - the logic would be like this:

1) The page has some javascript code that calls a function after the time limit has expired (see above code) - that function then makes an AJAX request off to another page 2) The other page invalidates the php session 3) the calling page shows some kind of error / message to the user stating that they have timed out

If however you want to timeout after true user inactivity you need this: Detecting idle time in JavaScript elegantly, however i don't believe these solutions at 100% fool proof (they will break totaly on mobile for instance)

NOW - if you want to use the above link - you WILL NEED ajax - as your current code will not work - basically (and i am not going to write you an AJAX tutorial here) - you need to use javascript to work out when your timeout is reached (using the above SO link) AND THEN hit the server and tell it to invalidate the session (read this tutorial for more information http://www.w3schools.com/ajax/)

Note that you need to decide what to do when a user does not invalidate a session via ajax but refreshes the page - that is to say, a user could block all ajax requests from their browser - meaning that they never self-invalidated the session even if they are inactive - you would however maybe want the server to timeout the session after 3 mins or something? this is all app design stuff.

Community
  • 1
  • 1
IaMaCuP
  • 835
  • 5
  • 19
  • This doesn't do job for me because even if i click on page or scroll page, or mouse move or typing on input field, this function will run anyway. I need to START COUNTING time when user stops interact and go away from mouse and keybord. – Marko Katic Feb 27 '16 at 21:32
  • I have linked you to another SO post that addresses exactly your question - there is both a jquery and non-jquery answer on there. – IaMaCuP Feb 27 '16 at 21:45
  • note - there are more design issues with this, and you will need to use ajax to achieve the best result – IaMaCuP Feb 27 '16 at 21:58
  • OK if that only possible reliable solution to work with events with this kind of problem I will try then with ajax. I was thinking that will be much more easier to do but anyway thank you for exhaustive answer! – Marko Katic Feb 27 '16 at 22:19
  • i solve this problem with ajax on that SO post, that works perfectly for me exactly what i need, but only must add source for jquery library: – Marko Katic Feb 27 '16 at 22:45
  • great news - you should try using a newer version of ajax - 1.12 is quite old - try 2.2 and see if that works - https://developers.google.com/speed/libraries/ – IaMaCuP Feb 27 '16 at 22:51