Automatically log out the user if he is not active for a certain period of time

Question

I want a user to be automatically logged out after 30 minutes if he hasn't been active.

I've tried the following code :
Index.php :

<?  
if ((time() - $_SESSION['last_activity']) > 1800) // 30* 60 = 1800
{  
   header("Location: logout.php");  
}  
?>

login.php:

<?  
        $_SESSION['unm'] = $row['u_unm'];
        $_SESSION['uid'] = $row['u_pwd'];
        $_SESSION['status'] = true;
        $_SESSION['last_activity'] = time();  
?>

My problem is I don't understand how this code is keeping track of user activity?

The problem I am facing is determining whether the user is active or not. But I want the user only to be logged out if he is not doing anything.

Can anybody tell me how to keep track of that? Thanks.

check this http://stackoverflow.com/questions/9124560/how-to-expire-php-session-if-user-is-inactive-for-15-mins — manny, Jan 06 '17 at 06:14
Just so you know - Sessions live for 1440 seconds (24 minutes) by default. `:)` Just thought I'd put that in. (editable in config) - Also it's possible that in the header each time it's loaded the `$_SESSION['last_activity'] = time()` can be ran to give that data. — Jack Hales, Jan 06 '17 at 06:17
may this [link](http://stackoverflow.com/questions/572938/force-logout-users-if-users-are-inactive-for-a-certain-period-of-time) will help you Thank you.... — Ehsan Ilahi, Jan 06 '17 at 06:24
@Jek Can you please explain to me how this code keeps tracking the activity? I mean is it not just keeping the session for 30 minutes and then destroy it whether the user did something or not? I've basically created this session($_SESSION['last_activity']) when a user will be successfully logged in. Doesn't that mean the user will always be logged out after 30 minutes? — Optimized Faisal, Jan 06 '17 at 06:42
I'm saying this would fix your solution to the "how does it get `$_SESSION['last_activity']`, you'd post this before your check. :) — Jack Hales, Jan 06 '17 at 06:46

score 2 · Accepted Answer · edited May 23 '17 at 10:30

2

Looks like you only have the index.php. Try to modify your code like this:

<?  
if ((time() - $_SESSION['last_activity']) > 1800) // 30* 60 = 1800
{  
   header("Location: logout.php");  
} else {
   $_SESSION['last_activity'] = time();
}
?>

This will only update your session, if the user did something under your 30 mins.

Seems like you don't use a library, so you could need to implement this on every site you have.

EDIT

Create a new file, which could be named as lifesaver.php or something like this. In this file, you paste the code from above.

Now you include it on every page you have, like this: require('lifesaver.php');

This will include your file and you have the code from above in your site.

Explanation how the code from above works:

EDIT: Basically reload the page in 30 or greater minutes and you'll automatically be taken to logout.php. If you reload the page sooner than 30 minutes your time will be updated(meaning another 30 minutes till automatic logout). The code is executed every time a user reloads or goes to a page with this script. – Antono

edited May 23 '17 at 10:30

Community

1
1

answered Jan 06 '17 at 06:18

Patrick Mlr

2,955
2
16
25

Then you have to implement this to every site you have. You could create a new file with this code and include it to every site you have. – Patrick Mlr Jan 06 '17 at 06:28
Suppose I have 3 pages : index.php, Contact.php and About.php. Shouldn't I need to include this code to each page? Otherwise how could it set the timer when I will be in Contact page? – Optimized Faisal Jan 06 '17 at 06:29
@OptimizedFaisal you could move it into a file and require it for every page. Or you could put that in a class and do `spl_autoload_register()` for that. – Jan 06 '17 at 06:36
Can you please explain to me how this code keeps tracking the activity? I mean is it not just keeping the session for 30 minutes and then destroy it whether the user did something or not? I've basically created this session($_SESSION['last_activity']) when a user will be successfully logged in. Doesn't that mean the user will always be logged out after 30 minutes? – Optimized Faisal Jan 06 '17 at 06:37
@Antono Thank you for your explaination. It is now more clear to me. :) – Optimized Faisal Jan 06 '17 at 06:46
2

**EDIT:** Basically reload the page in 30 or greater minutes and you'll automatically be taken to `logout.php`. If you reload the page sooner than 30 minutes your time will be updated(meaning another 30 minutes till automatic logout). The code is executed every time a user reloads or goes to a page with this script. – Jan 06 '17 at 07:06

Automatically log out the user if he is not active for a certain period of time

1 Answers1