1

I have developed a staff record system for my company. The problem im facing is that the staff leaves their systems logged on and even forget to logout. I want the system to logout the user after leaving the system idle for 10 minutes. I have virtually no idea on how to go about it. I need your help

N. Felix
  • 69
  • 1
  • 10
  • 1
    start a javascript countdown timer every time the page is loaded. If the timer is on for a specific amount of time, redirect to a logout page to clear session variables. If the user switches pages, the javascript timer should start over. There may be an issue if you have a lot of page operations done with javascript to where the page is never reloaded, in this case, make whatever functions your running on the page also start the timer over. – GrumpyCrouton Jul 26 '17 at 15:29
  • 2
    Set the session expiration X minutes from when it was last refreshed. – Matt Jul 26 '17 at 15:30
  • 2
    Take a look here [How do I expire a PHP session after 30 minutes?](https://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) – quAnton Jul 26 '17 at 15:31

3 Answers3

2

I've built functionality similar to what you're trying to achieve in the past using jQuery Idle. It detects mouse and keyboard activity and only times out when a user is truly inactive.

https://github.com/kidh0/jquery.idle

Example:

$(document).idle({

  onIdle: function(){
     windlow.location.href = '/logout.php';
  },
  idle: 10000
})
Kevin P
  • 601
  • 3
  • 9
1

You can use this kind of code.

<!-- //for 10 minutes // the easiest one!-->
<meta http-equiv="refresh" content="600;url=logout.php" />

Keep in mind the logout.php need some code like this

session_start();
session_destroy();
unset($_SESSION);
header("Location: 'index.php?stayedToLong=yes');
exit;

Or SESSION in php something like 

session_start();

//measure the time
$_SESSION['loggedTime'] = time();


 //10 minutes
if($_SESSION['loggedTime'] < time()+10*60)
{
    session_destroy();

    unset( $_SESSION );

    header("Location: 'index.php?stayedToLong=yes');
    exit;
}

In the index.php page from the redirection index?stayedToLong=yes, you can show the page like this.

if(isset($_GET['stayedToLong']) && $_GET['stayedToLong']=='yes')
{
    echo 'You have are disconnected after 10 minutes';
}
Michael GEDION
  • 879
  • 8
  • 16
-3

There's a couple of methods here. First off, your server should be clearing sessions after a certain time has elapsed. Your server should also have some way to refresh that session, typically an api endpoint of some sort that simply refreshes the session to keep it active.

In combination with that, in order to avoid an issue where your server session has ended but your front end session has not, you'll want to use a timer in javascript that requests the session value every few minutes. If that session ever returns inactive then you'll want to either display a modal or popup allowing the user to continue their session or you'll want to just automatically redirect them to a page that tells the user their session has expired.

In javascript your solution might look something like the following.

function confirmSessionRefresh(){
    if( confirm('Your session will expire in 1 minute. Click Ok to continue or cancel to log out in 1 minute.') ){
        fetch('/api/refreshsession');
        setTimeout(confirmSessionRefresh, 540000);
    }
}

setTimeout(confirmSessionRefresh, 540000); // 9 minutes (to allow 1 minute to respond to the prompt.
Pixelmixer
  • 319
  • 1
  • 11