0

Is it possible to create an automatically logout when the visitor closes or leaves the page? I know the code i used isnt nice, but I needed something without a database. Anyway, i use 2 files, a login.php and index.php. I only just started writing PHP so a 'simple' explanation would be very much appriciated ;)

Login code I use now:

login.php

<?php defined('DS') OR die('No direct access allowed.');

$users = array(
    "admin" => "admin"
);

if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
}

if(isset($_POST['username'])) {
    if($users[$_POST['username']] !== NULL && $users[$_POST['username']] == $_POST['password']) {
        $_SESSION['username'] = $_POST['username'];
        header('Location:  ' . $_SERVER['PHP_SELF']);
    }else {
        //invalid login
        echo "<p>Username and/or password is incorrect!</p>";
    }
}

echo '<form method="post" action="'.SELF.'">
  <h2>Login</h2>
  <p><label for="username">Username</label> <input type="text" id="username" name="username" value="" /></p>
  <p><label for="password">Password</label> <input type="password" id="password" name="password" value="" /></p>
  <p><input type="submit" name="submit" value="Login" class="button"/></p>
  </form>';
exit;
?>

index.php

<?php
session_start();

define('DS',  TRUE);
define('USERNAME', $_SESSION['username']);
define('SELF',  $_SERVER['PHP_SELF'] );

if (!USERNAME or isset($_GET['logout']))
    include('login.php');
?>
Shahnewaz
  • 360
  • 4
  • 12
Jack Kiurre
  • 17
  • 4
  • 1
    Possible duplicate of [Auto Logout when user leaves the application without doing logout action](https://stackoverflow.com/questions/23010044/auto-logout-when-user-leaves-the-application-without-doing-logout-action) – Masivuye Cokile Dec 11 '18 at 11:58
  • @MasivuyeCokile That solution destroys the session after a specific time if i understand it correctly, im actually looking to destroy the session when you leave the page, thanks anyway – Jack Kiurre Dec 11 '18 at 12:02
  • I dont see a `session_start()` in the forst script you show us !!! – RiggsFolly Dec 11 '18 at 12:02
  • correct, its in the second file. Is that a problem? @RiggsFolly – Jack Kiurre Dec 11 '18 at 12:04
  • Yes, has to be in ALL scripts that want to use the session, and at the top of the script – RiggsFolly Dec 11 '18 at 12:04
  • You also need an `exit;` after all `header('Location: ...');` function calls. The header function does not STOP execution of the script, so without an exit your code will continue to execute, even if it is invisble to you because the browser has been told to request another page. – RiggsFolly Dec 11 '18 at 12:06

3 Answers3

1

there is no "direct" way to do it.

first attempt could be to lower the time, a session is alive in yout php-configuration.

The Thing you want could be made with JavaScript, so when leaving the page the Logout can happen, BUT you CAN'T rely on it, if i kill my browser or a browser crashes, no logout-request will be made to your Server!

whats the Purpose of your Question? The only fact you can rely of, is that a session will be destroyed automaticly if not used for a given set of time

mech
  • 617
  • 6
  • 16
0

You can save last-activity of the user and then say if user has been inactive for more than 1-2-3-4-5 mins. Then the user is offline. But last-activity should be saved in the DB if you want to make something like a list of online users.

Example: 

<?php
$user_time = 'last-activity';
$current_time = time();
$logout_after = 5*60;

if(($user_time+$logout_after) < $current_time) {
    // set to offline
} else {
    //check if user is set to online, if not set the status to offline and update last-activity: time()
}
?>
Michael Andersen
  • 64
  • 1
  • 3
0

So I haven't tested this but it might work. You'll need to use some JS/jQuery though.

Use the .unload() function to determine when a user leaves the page and then send a request to your logout script where you unset the session

$(window).unload(function() {
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function(){
        if(this.readyState == 4 && this.status == 200){

        }
    };
    xmlhttp.open("POST", "logoutScript.php", true);
    xmlhttp.send();
});
Paddy Hallihan
  • 1,624
  • 3
  • 27
  • 76