0

use countdown timer for logout user,if user is inactive for 2hrs..

function Timer(duration, display)  {
    var timer = duration, hours, minutes, seconds;
    setInterval(function () {
        hours = parseInt((timer /3600)%24, 10)
        minutes = parseInt((timer / 60)%60, 10)
        seconds = parseInt(timer % 60, 10);

        hours = hours < 10 ? "0" + hours : hours;
        minutes = minutes < 10 ? "0" + minutes : minutes;
        seconds = seconds < 10 ? "0" + seconds : seconds;

        display.text(hours +":"+minutes + ":" + seconds);
        if(hours == 0 && minutes == 0 && seconds == 0){
            $.ajax({
              url:'../ajax/logoutuser.php',

              success: function(data){
                  console.log('logout');
              }
            });
        }else{
           --timer;
        }

    }, 1000);
}

window.onload = function () {
  var twentyFourHours = 1 * 1 * 3;
  var display = $('#time');


 Timer(twentyFourHours, display);


};

and since i cant call session destroy on jquery function i use ajax to make request..

<?php

require_once '../config/database.php';
require_once '../includes/dboperations/user.php';

$database = new Database();
$conn = $database->getConnection();
$db =  new User($conn);

$user = json_decode($_SESSION["user"]);
        $db->offlineStatus($user->user_id);


        session_destroy();

        echo "<script>window.location.href = '../index.php'</script>";

?>

but what happens is, it doesnt call the session destroy function after making request. it runs the console.log inside success function..

is there a way to log out user if inactive for 2hrs

Moby M
  • 910
  • 2
  • 7
  • 26
Lion Smith
  • 647
  • 3
  • 16
  • 48
  • As far as I see, your inactivity detection forces user to refresh/reload page to be considered as active. Isn't it better to take inactivity as no action (no mouse move, no key pressed, no click)? – Lkopo Sep 07 '17 at 06:36
  • i dont have any idea on how to check that tho..but if you can give me an idea it would be better since that is what im trying to do. – Lion Smith Sep 07 '17 at 06:40
  • If the very main reason is something client-side (eg. destroying cookies) you might want to go for a Javascript-solution (even tough personally I don't like it cause clien-side Javascript can be forged by the user). If it's something server-side you want to achieve, choose for server-side session destroy. Or both... I'd prefer server-side though b/c it's safer: record user activity in your php code and simply kick user (destroy session) if activity (post/get etc.) time > max user idle time. – Werner Sep 07 '17 at 06:40
  • Have a look [here](https://stackoverflow.com/a/4029518/2811746) for instance. There are many solutions on SO :) – Lkopo Sep 07 '17 at 06:42

2 Answers2

2

You can achieve by php way. Something like 

$expiry = 1800 ;//session expiry required after 30 mins
if (isset($_SESSION['LAST']) && (time() - $_SESSION['LAST'] > $expiry)) {
    session_unset();
    session_destroy();
}
$_SESSION['LAST'] = time();
Suresh Velusamy
  • 2,338
  • 19
  • 24
  • but does the `$_SESSION['LAST'] refresh its value when page reloads?. cause what im actually trying do to using countdown timer it will only run once the page doesn't reload anymore.. – Lion Smith Sep 07 '17 at 06:34
  • if you have this code added to the common file, which is assuring each page load it will decide the log out in the backend. still, we can add timer function in front-end (JS) we can achieve it. – Suresh Velusamy Sep 07 '17 at 06:40
1

Instead of echo script from php file out it in success function of ajax code

success: function(data){
         console.log('logout');
         window.location.href = '../index.php';
}
B. Desai
  • 16,414
  • 5
  • 26
  • 47
  • but does it acctually destroy the session? it redirects me to my homepage since the session didn't destroy.. that's why i use window.location.href on echo to check if session_destroy will be called. – Lion Smith Sep 07 '17 at 06:31
  • yes it will destroy session as per your php code calling during ajax – B. Desai Sep 07 '17 at 06:37
  • yeah i just messed up on my ajax request.. but it works.. now i have to figure out with no action at all.. like mouse move/click key press... – Lion Smith Sep 07 '17 at 06:39