4

I am using sessions for user login & logout. I have a requirement that after 30 minutes of user inactivity he/she has to logout automatically. I searched & tried few solutions but didn't work though. I tried below solutions:

Solution1:

if(time() - $_SESSION['timestamp'] > 900) { //subtract new timestamp from the old one
    echo"<script>alert('15 Minutes over!');</script>";
    unset($_SESSION['email'], $_SESSION['user_id'], $_SESSION['timestamp']);
    session_destroy();
    $_SESSION['logged_in'] = false;
    header("Location: " . index.php); //redirect to index.php
    exit;
} else {
  $_SESSION['timestamp'] = time(); //set new timestamp
}

Solution2:

function auto_logout($field)
{
  $t = time();
  $t0 = $_SESSION[$field];
  $diff = $t - $t0;
  if ($diff > 3000 || !isset($t0))
  {          
    return true;
  }
  else
  {
    $_SESSION[$field] = time();
  }
}
if(auto_logout("email"))
{
  session_unset();
  session_destroy();
  header('Location: index.php');
  exit;
}

Neither of them worked, Could any one please tell me how to track last activity of user and check that time with the current time if exceeds 30 minutes and make that user logout?

Prasad Patel
  • 707
  • 3
  • 16
  • 53

2 Answers2

1

If you want to find the activity , you can use the javascript as below and then redirect to logout page to clear the session . here i put 5 sec of inactivity

    var t;
    window.onload = resetTimer();
    // DOM Events
    document.onmousemove = resetTimer();
    document.onkeypress = resetTimer();
    console.log('loaded');

function logout() {
        alert("You are now logged out.")
        //location.href = 'logout.php'
    }

    function resetTimer() {
  
        clearTimeout(t);
        t = setTimeout(logout, 5000)
        
    }
Azeez Kallayi
  • 2,567
  • 1
  • 15
  • 19
  • Thanks Azeez, where to put this code? is it in $(document).ready() function? – Prasad Patel Feb 09 '17 at 08:59
  • no need for $(document).ready(). You can put liek this. Put it in your header file so that it will appear in all pages – Azeez Kallayi Feb 09 '17 at 10:11
  • I understood your code & reply too, I think it will also work for sure but I found other answer worked for me so I used that because it is in php only that means no need to include any javascript code. Anyhow Thanks for your reply much appreciated. – Prasad Patel Feb 09 '17 at 12:46
1

I think this may help : How do I expire a PHP session after 30 minutes?

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 30 minutes ago
session_unset();     // unset $_SESSION variable for the run-time 
session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
Community
  • 1
  • 1
DevMoutarde
  • 599
  • 7
  • 21
  • I need to put this code in "header" (or) where to put this code? Along with $_SESSION['user_id'] & $_SESSION['email'] Shall I need to set a session for "$_SESSION['LAST_ACTIVITY']" as well after login? – Prasad Patel Feb 09 '17 at 08:53
  • Actually this is pretty much the same as your 'solution 1', I haven't been into php much for the last years but my guess is that if you end up the session (with session_unset), [mail] and [user_id] will end up as well. – DevMoutarde Feb 09 '17 at 09:12
  • ['LAST_ACTIVITY'] is just a common name, it can be named w/e you want (i.e 'timestamp as in you example). It just needs to be refreshed and compared to a timeout value. – DevMoutarde Feb 09 '17 at 09:19