Automatically log out php application after 2 mins

Question

I have finished designing an application but would like to make the application logout out after 5 minutes of inactivity.

The first page is:

<?php
session_start();
require_once("class.user.php");
$login = new USER();
if($login->is_loggedin()!="")
{
$login->redirect('user.php');
}
?>

This is the user page:

<?php
require_once("session.php");

require_once("class.user.php");
$auth_user = new USER();
$user_pin = $_SESSION['user_session']; ?>

The session.php page

<?php

session_start();
require_once 'class.user.php';
$session = new USER();
if(!$session->is_loggedin())
{
    $session->redirect('index.php');
}
?>

This are the classes:

require_once('dbconfig.php');

class USER
{   

private $conn;

public function __construct()
{
    $database = new Database();
    $db = $database->dbConnection();
    $this->conn = $db;
}

public function runQuery($sql)
{
    $stmt = $this->conn->prepare($sql);
    return $stmt;
}

public function is_loggedin()
{
    if(isset($_SESSION['user_session']) )
    {
        return true;
    }
}

public function redirect($url)
{
    header("Location: $url");
}

public function doLogout()
{
    session_destroy();
    unset($_SESSION['user_session']);

    return true;
}
}
?>

I achieve this using a jQuery plugin - may be helpful for you, if not then just ignore this comment! https://github.com/adesigns/jquery-inactivity-timeout — Chris, Nov 16 '17 at 16:23
Possible duplicate. There are some very informative answers [here](https://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) and [here](https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php) — John McMahon, Nov 16 '17 at 16:25
Sessions are quite complex and doing this by code isn't even remotely easy. Your best bet is to setup a cronjob that purges session files that were last accessed more than 5 minutes ago. — Narf, Nov 16 '17 at 16:27
Use cookies instead and set a cookie with an expiry time of 5 minutes on every page load, or set a session value to timestamp of each page load and then check if 5 minutes has passed since then — miknik, Nov 16 '17 at 17:09

score 0 · Answer 1 · answered Nov 16 '17 at 17:28

Theres multiple ways to achieve this:

You can make a verification with a cookie or a session with a Timestamp to verify if the user has not changed paged within 2 minutes and it will log him out the moment he access that page. The Con in this method is that for all intents and purposes the user is still considered "Online" until he changes page.

My preferred method is to make a pooling with JQuery and Ajax request. Basically every X seconds you send a request with AJAX to the user to see if hes still there and update his timestamp on the database. And then with a server side script if the timestamp has reach 2 minutes difference set the user offline and force log him out.

There is always websockets, at the moment im exploring this method with rachetphp but it allows you to track a connection in real time, which is also pretty sweet.

Check this link for methods.

If the point is to logout clients for inactivity, polling doesn't achieve the goal. As long as a page stays open (which it can be left in a tab for hours, days, weeks, even months), the client will be considered active. — Narf, Nov 17 '17 at 09:58

Automatically log out php application after 2 mins

1 Answers1