How to automatically logour after 5 min. of idleness

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
adsegzy
Forum Contributor
Posts: 184
Joined: Tue Jul 28, 2009 9:26 am

How to automatically logour after 5 min. of idleness

Post by adsegzy »

Hello friends,

Am having a membership website and i need some help. How do i code any login required (member's) page to automatically (log out) request relogin after 5 minutes of idleness of the page? and how do i redirect the member back to page where he was loged out after signing in?

Regards
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How to automatically logour after 5 min. of idleness

Post by Christopher »

You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
(#10850)
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: How to automatically logour after 5 min. of idleness

Post by flying_circus »

How are you tracking authenticated users? If you are using sessions, just set a timestamp on each page request. If more than 5 minutes have passed between page requests, execute your logout script and redirect the user.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: How to automatically logour after 5 min. of idleness

Post by pickle »

Christopher wrote:You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
The meta refresh would redirect in 5 minutes period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted half way through.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How to automatically logour after 5 min. of idleness

Post by Christopher »

pickle wrote:The meta refresh would redirect in 5 minutes period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted half way through.
And how do you tell whether the user is reading or has walked away from the computer? Is there a function to call for that? ;)
(#10850)
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: How to automatically logour after 5 min. of idleness

Post by pickle »

Code: Select all

if($User->buggered('off'){
  //do stuff here
}
In all seriousness - you're right. There are two ways to approach it.
  1. You wait for a page reload to determine if the user is logged out. This allows them to have the page up for as long as they want, and if someone else can see what's on their screen when they walk away - well that's their own dang fault.
  2. You force a refresh & interrupt whatever the user is doing.
I've been on the other end of the phone that is invariably called when #2 happens, so I tend to lean towards #1.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: How to automatically logour after 5 min. of idleness

Post by Eran »

Banking solutions usually use the first option for the use-case of a user leaving his account logged-in while he is no longer near the computer (could even be in an Internet-cafe location or other public places). In that case you have to force a refresh in order to prevent account misuse
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How to automatically logour after 5 min. of idleness

Post by Christopher »

I was just thinking that there might be a middle-ground solution. What if you had a timer that fired off after say 5 minutes. When the time was up, rather than refreshing immediately, you displayed a popup div that asked if you want to stay logged-in. The popup starts a second timer. If there was not response to the popup in say 10 seconds then the page is refreshed and you are logged-out.
(#10850)
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: How to automatically logour after 5 min. of idleness

Post by pickle »

That'd work - as long as the user has Javascript turned on.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
xtiano77
Forum Commoner
Posts: 72
Joined: Tue Sep 22, 2009 10:53 am
Location: Texas

Re: How to automatically logour after 5 min. of idleness

Post by xtiano77 »

Below is an example of a class. It declares various methods whic are used to establish a SESSION as well as checking the status and validity of the same.

Code: Select all

Sessions.php
<?php
class Sessions {
	private function setPageTimer(){
		$_SESSION["TIMER"] = time() + 1200;
	}

	public function establishSession($recordset){
		if(!is_resource($recordset)){
			header("Location: http://www.yourSite.com/index.php?exception=true&message=UnableToEstablishSession");
		}
		// declare and initialize session variables and cookies...
		$this -> setPageTimer();
		// code to verify that each session variables and or cookies have been declared and initialized...
	}

	private function checkSessionTimer(){
		if(time() > $_SESSION["TIMER"]){
			return -1;
		}else{
			$this -> setPageTimer();
		}
	}

	private function checkHijackedSession(){
		// your code here...
	}

	public function checkValidSession(){
		if($this -> checkSessionTimer() == -1){
			$exception = "true";
			$message = "ExpiredSession";
		}
		if($this -> checkHijackedSession() == -1){
			// code to disable user from being able to log back in...
			$exception = "true";
			$message = "Whatever you want to say...";
		}
		if($exception == "true"){
			header("Location: http://www.yourSite.com/logOut.php?exception=" . $exception . "&message=" . $message);
		}
	}

	public function terminateSession(){
		$_POST = array();
		$_GET = array();
		$_SESSION = array();
		session_destroy();
		setcookie("PHPSESSID", "", time() - 1200, "/", ".yourSite.com");
	}
}
?>
Below is a brief example of what an authentication page could look like:

Code: Select all

authenticationPage.php
<?php
require_once("Sessions.php");  // although it is not noted here, you should avoid placing your classes in the root directory.
// your code here...
// if the user is authenticated then you can create your session object and call the desired method...
$session = new Sessions();
$session -> establishSession($userInformation);
?>
Below is a brief example of what a regular page could look like:

Code: Select all

regularPage.php
<?php
session_start();
require_once("Sessions.php");  // although it is not noted here, you should void placing your classes in the root directory.
$session = new Sessions();
$session -> checkValidSession();
// other objects and method calls here...
?>
You could and should also use a JavaScript function so if one of the timers doesn't work then the other will.

setTimeout("window.location.herf = 'http://www.yourSite.com/logOut.php?exce ... redSession'", 1000 * 60 * 10);

Of course, these are just suggestions. I am not claiming to be the oracle on this subject but I have followed the examples above, changing the names of the variables and headers of course, and they worked quite well for me. If you find a better way to skin this cat, please post a reply and share it with all of us. Cheers!
Post Reply