-2

Ok. I'm building a website that requires an admin to login. How do I implement a system whereby when the admin logs in, and stays inactive for about 30 minutes, he gets logged out. Inactivity here, means the user hasnt moved the mouse or hasn't typed or scrolled up or down and other events that involves interacting with the website.

Chris
  • 1
  • 1
  • 7
    You are describing client-side inactivity, which you would have to process with Javascript, not PHP. Also note that PHP sessions already have a limited lifetime, maybe this is already enough for your purpose. – Karsten Koop Apr 13 '18 at 09:13
  • 1
    You will need to implement that in javascript. and then send a request to a php-script to unset the session. Otherwise, PHP will automatically destroy the session if no php-script was loaded for the time defined in the php.ini under session.gc_maxlifetime – wayneOS Apr 13 '18 at 09:15
  • Purely php is also fine; on every request the authentication has to be checked anyway. So just log and check if the latest request was less then 30 mins ago and only authenticate if that's the case – giorgio Apr 13 '18 at 09:15
  • How do you log in anyway? – deEr. Apr 13 '18 at 09:16
  • agree with @giorgio – Rahul Apr 13 '18 at 09:24
  • look her [https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php/8311400](https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php/8311400 ) hope this link will help you – Hamidou Bah Apr 13 '18 at 09:25
  • @RahulShrivastava that has nothing to do with events. – Chris Apr 13 '18 at 09:31
  • @HamidouBah page not found – Chris Apr 13 '18 at 09:32
  • @giorgio That won't log the user out after 30 mins though – brombeer Apr 13 '18 at 09:32
  • @Chris try my answer – Rahul Apr 13 '18 at 09:40
  • @kerbholz how's that? After 30mins the user will not be authenticated ergo will be logged out. You can even execute a specific logout action. The result will be the same, also because a user can close the browser before the client-side logout action will be fired – giorgio Apr 13 '18 at 10:14
  • @giorgio Basically I'm with you here, but! ;) The user would only be logged out if a second/another request is made. Session/cookie lifetime aside, if another request is made two days later, the user will be logged out after two days, not 30 minutes. – brombeer Apr 13 '18 at 10:20
  • 1
    @kerbholz true, but what I mean is; what if the user closes his browser after 15 mins and opens it up 2 days later? Same result! :) so you'd be building _only_ for the specific case a user logges in, has lunch, and come back to interact again. Seems to me to be a lot of trouble for, well, for what goal exactly? But if that _is_ a specific requirement, well yeah, then javascript would be the way to go. – giorgio Apr 13 '18 at 14:20

1 Answers1

0

the given example is for 10 minutes.try it

 session_start();

// 10 mins in seconds
$inactive = 600; 

$session_life = time() - $_session['timeout'];

if($session_life > $inactive)
{  session_destroy(); header("Location: logoutpage.php");     }

S_session['timeout']=time();

the code taken from here https://www.daniweb.com/programming/software-development/threads/12450/quicksort-insertion-sort-hyrbid

Or you can try it

ini_set('session.gc_maxlifetime',10);
Rahul
  • 1,617
  • 1
  • 9
  • 18