User Inactivity Logout PHP

0 votes
asked Jun 18, 2010 by user342391

I want my users to be logged out automatically after X minutes of inactivity. I also want to have all sessions destroyed.

How can this be done? How can I check for inactivity, then perform a function to log them out?

9 Answers

0 votes
answered Jan 18, 2010 by sam

Use unset($_SESSION['NAME']); or session_destroy();. You could also change the value of the session.

To do this at a certain time, you would need to set a timestamp in the database, and then call it to check if it's beyond X minutes. Look at the link at the bottom.

I'd personally just use cookies and make them expire at a certain time, but whatever floats your boat.

If current time is more than 30 seconds past time X (from the database)

0 votes
answered Jun 18, 2010 by jamie-wong

Depending on how fast your server is and how many users you have, you can have it send a request to your server whenever a user does anything (navigates, clicks a button, whatever). From this request, update a SQL table with their last activity time.

Have a cron job run through the table at some regular interval and delete the sessions of the users that have been inactive for whatever your threshold is going to be.

If your server is slow or you have a lot of users, you can have this script run infrequently.

0 votes
answered Jun 18, 2010 by sarfraz

You can set the session timeout limit like this:

ini_set('session.gc_maxlifetime',30);

Here is the possible solution for you.

0 votes
answered Jun 18, 2010 by machiel

You could also do:

$_SESSION['loginTime'] = time();

On every page, and when the user is trying to navigate and he has been inactive for twenty minutes, you can log him out like this:

if($_SESSION['loginTime'] < time()+20*60){ logout(); }

0 votes
answered Jun 18, 2010 by your-common-sense

PHP's session mechanism already has a garbage collector based on the inactivity timeout. You have nothing to worry about.

0 votes
answered Jun 10, 2011 by ysol8

I tried Machiel's approach and got nowhere. On investigation I saw that the if statement simply added the expiry period to the current time so the statement never fired.

This is my altered version:

Set this when logging in the user or loading a secure page:

$_SESSION['expire'] = time()+1*60;

And use this to see if the expiry time is less than the current time (i.e. we're past the expiry limit):

if(time() > $_SESSION['expire']){
    $user->logout();
}

0 votes
answered Jan 27, 2014 by kashyap-patel


$(document).ready(function () {
    // After 12 minutes without a page reload, call logout.php via AJAX
    setTimeout(function () { $.get('logout.php'); }, 720000);
});

720000 means 12 minutes (for illustration purposes).
Put this script in your header and set your own inactivity time.
You can set whatever time you want. It works like this: if you set 5 minutes, then when you log in to the system it starts counting for 5 minutes. But if you click on any module, this script is reloaded, because when the page changes the header is also reloaded, and when the script is reloaded it starts counting from 0 (initial). But if you do not access the system within 5 minutes, it will load logout.php and the system will log you out.

0 votes
answered Jan 16, 2016 by karthik-shiva

You can set the last active time with $_SESSION['lastactive'] = time() and update it every time the user navigates to a new page. Then you can have a function timeout() on every page.

function timeout()
{
    $maxtime = 60*2; // Here, maxtime has been set to 2 minutes

    // Subtract the lastactive time from the current time and see if it exceeds the timeout limit.
    if(isset($_SESSION['lastactive']) and (time() - $_SESSION['lastactive'] > $maxtime))
    {
        signout(); // logging out
    }

    // Same subtraction, this time checking that the session is still within the timeout limit.
    if(isset($_SESSION['lastactive']) and (time() - $_SESSION['lastactive'] < $maxtime))
    {
        return 1; // timeout limit not exceeded
    }
    else
    {
        if(!isset($_SESSION['lastactive']))
        {
            $_SESSION['lastactive'] = time(); // if lastactive is not set
        }
    }
}

0 votes
answered Sep 15, 2017 by samuel-kundael

The simplest way is this. Send the user to a log out page if they are not activating certain elements on your website.

$secondsWait = 300; // these are seconds, so it is 300s = 5 minutes
header("Refresh: $secondsWait; url=logout.php");

Contents for the redirect... logout.php: destroy any sessions and maybe also send a message alerting the user why they were logged out.

<?php
session_start();
session_unset();
session_destroy();  
?>
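
Added example, not taken from any of the answers above: a server-side idle check built on the last-activity timestamp idea, combined with a logout that clears the session data, the server-side session and the browser cookie. The names `IDLE_LIMIT`, `destroy_session()`, `enforce_idle_timeout()` and `login.php`, and the 15-minute limit, are assumptions.

```php
<?php
// Added example: function names, the limit and login.php are assumptions.
const IDLE_LIMIT = 15 * 60; // allowed inactivity in seconds (assumed value)

// Remove the session data, the server-side session and the browser cookie.
function destroy_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie with the same scope it was issued with.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page.
// Returns true while the session is still live, false once it has been destroyed.
function enforce_idle_timeout(int $now): bool
{
    if (isset($_SESSION['last_activity'])
        && $now - $_SESSION['last_activity'] > IDLE_LIMIT) {
        destroy_session();
        return false;
    }
    // Sliding window: every request from the user resets the idle clock.
    $_SESSION['last_activity'] = $now;
    return true;
}

session_start();
if (!enforce_idle_timeout(time())) {
    header('Location: login.php'); // hypothetical login page
    exit;
}
```

Because the comparison runs on the server at each request, the limit holds even when a client-side timer or Refresh header never fires, and it does not depend on when PHP's session garbage collector happens to run.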