How to automatically logour after 5 min. of idleness
Moderator: General Moderators
How to automatically logour after 5 min. of idleness
Hello friends,
Am having a membership website and i need some help. How do i code any login required (member's) page to automatically (log out) request relogin after 5 minutes of idleness of the page? and how do i redirect the member back to page where he was loged out after signing in?
Regards
Am having a membership website and i need some help. How do i code any login required (member's) page to automatically (log out) request relogin after 5 minutes of idleness of the page? and how do i redirect the member back to page where he was loged out after signing in?
Regards
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to automatically logour after 5 min. of idleness
You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
(#10850)
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: How to automatically logour after 5 min. of idleness
How are you tracking authenticated users? If you are using sessions, just set a timestamp on each page request. If more than 5 minutes have passed between page requests, execute your logout script and redirect the user.
Re: How to automatically logour after 5 min. of idleness
The meta refresh would redirect in 5 minutes period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted half way through.Christopher wrote:You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to automatically logour after 5 min. of idleness
And how do you tell whether the user is reading or has walked away from the computer? Is there a function to call for that?pickle wrote:The meta refresh would redirect in 5 minutes period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted half way through.
(#10850)
Re: How to automatically logour after 5 min. of idleness
Code: Select all
if($User->buggered('off'){
//do stuff here
}- You wait for a page reload to determine if the user is logged out. This allows them to have the page up for as long as they want, and if someone else can see what's on their screen when they walk away - well that's their own dang fault.
- You force a refresh & interrupt whatever the user is doing.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: How to automatically logour after 5 min. of idleness
Banking solutions usually use the first option for the use-case of a user leaving his account logged-in while he is no longer near the computer (could even be in an Internet-cafe location or other public places). In that case you have to force a refresh in order to prevent account misuse
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to automatically logour after 5 min. of idleness
I was just thinking that there might be a middle-ground solution. What if you had a timer that fired off after say 5 minutes. When the time was up, rather than refreshing immediately, you displayed a popup div that asked if you want to stay logged-in. The popup starts a second timer. If there was not response to the popup in say 10 seconds then the page is refreshed and you are logged-out.
(#10850)
Re: How to automatically logour after 5 min. of idleness
That'd work - as long as the user has Javascript turned on.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Re: How to automatically logour after 5 min. of idleness
Below is an example of a class. It declares various methods whic are used to establish a SESSION as well as checking the status and validity of the same.
Below is a brief example of what an authentication page could look like:
Below is a brief example of what a regular page could look like:
You could and should also use a JavaScript function so if one of the timers doesn't work then the other will.
setTimeout("window.location.herf = 'http://www.yourSite.com/logOut.php?exce ... redSession'", 1000 * 60 * 10);
Of course, these are just suggestions. I am not claiming to be the oracle on this subject but I have followed the examples above, changing the names of the variables and headers of course, and they worked quite well for me. If you find a better way to skin this cat, please post a reply and share it with all of us. Cheers!
Code: Select all
Sessions.php
<?php
class Sessions {
private function setPageTimer(){
$_SESSION["TIMER"] = time() + 1200;
}
public function establishSession($recordset){
if(!is_resource($recordset)){
header("Location: http://www.yourSite.com/index.php?exception=true&message=UnableToEstablishSession");
}
// declare and initialize session variables and cookies...
$this -> setPageTimer();
// code to verify that each session variables and or cookies have been declared and initialized...
}
private function checkSessionTimer(){
if(time() > $_SESSION["TIMER"]){
return -1;
}else{
$this -> setPageTimer();
}
}
private function checkHijackedSession(){
// your code here...
}
public function checkValidSession(){
if($this -> checkSessionTimer() == -1){
$exception = "true";
$message = "ExpiredSession";
}
if($this -> checkHijackedSession() == -1){
// code to disable user from being able to log back in...
$exception = "true";
$message = "Whatever you want to say...";
}
if($exception == "true"){
header("Location: http://www.yourSite.com/logOut.php?exception=" . $exception . "&message=" . $message);
}
}
public function terminateSession(){
$_POST = array();
$_GET = array();
$_SESSION = array();
session_destroy();
setcookie("PHPSESSID", "", time() - 1200, "/", ".yourSite.com");
}
}
?>
Code: Select all
authenticationPage.php
<?php
require_once("Sessions.php"); // although it is not noted here, you should avoid placing your classes in the root directory.
// your code here...
// if the user is authenticated then you can create your session object and call the desired method...
$session = new Sessions();
$session -> establishSession($userInformation);
?>
Code: Select all
regularPage.php
<?php
session_start();
require_once("Sessions.php"); // although it is not noted here, you should void placing your classes in the root directory.
$session = new Sessions();
$session -> checkValidSession();
// other objects and method calls here...
?>
setTimeout("window.location.herf = 'http://www.yourSite.com/logOut.php?exce ... redSession'", 1000 * 60 * 10);
Of course, these are just suggestions. I am not claiming to be the oracle on this subject but I have followed the examples above, changing the names of the variables and headers of course, and they worked quite well for me. If you find a better way to skin this cat, please post a reply and share it with all of us. Cheers!