How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 6:45 am
by adsegzy
Hello friends,
I have a membership website and I need some help. How do I code any login-required (member's) page to automatically (log out) request re-login after 5 minutes of idleness of the page? And how do I redirect the member back to the page where he was logged out after signing in?
Regards
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 12:30 pm
by Christopher
You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 12:35 pm
by flying_circus
How are you tracking authenticated users? If you are using sessions, just set a timestamp on each page request. If more than 5 minutes have passed between page requests, execute your logout script and redirect the user.
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 2:44 pm
by pickle
Christopher wrote: You can either use PHP to generate a meta refresh header tag with a 5 minute value, or use Javascript timers to call a function after 5 minutes.
The meta refresh would redirect in 5 minutes, period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted halfway through.
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 3:31 pm
by Christopher
pickle wrote: The meta refresh would redirect in 5 minutes, period, not 5 minutes of idleness. If I'm taking 10 minutes to read an article, I don't want to be interrupted halfway through.
And how do you tell whether the user is reading or has walked away from the computer? Is there a function to call for that?

Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 5:54 pm
by pickle
Code:
if ($User->buggered('off')) {
    // do stuff here
}
In all seriousness - you're right. There are two ways to approach it.
1. You wait for a page reload to determine if the user is logged out. This allows them to have the page up for as long as they want, and if someone else can see what's on their screen when they walk away - well that's their own dang fault.
2. You force a refresh & interrupt whatever the user is doing.
I've been on the other end of the phone that is invariably called when #2 happens, so I tend to lean towards #1.
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 6:26 pm
by Eran
Banking solutions usually use the first option for the use-case of a user leaving his account logged-in while he is no longer near the computer (could even be in an Internet-cafe location or other public places). In that case you have to force a refresh in order to prevent account misuse.
Re: How to automatically log out after 5 min. of idleness
Posted: Thu Apr 29, 2010 8:58 pm
by Christopher
I was just thinking that there might be a middle-ground solution. What if you had a timer that fired off after, say, 5 minutes? When the time was up, rather than refreshing immediately, you displayed a popup div that asked if you want to stay logged in. The popup starts a second timer. If there was no response to the popup in, say, 10 seconds, then the page is refreshed and you are logged out.
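Added example, not part of the original thread: one way to implement the two-stage timer described in the post above (idle timer, then a "stay logged in?" prompt with a short grace period), with the idle timer reset on user activity. The function name, option names, element IDs and the /keepalive.php endpoint are hypothetical.

```javascript
// Added example; createIdleLogout and its option names are hypothetical.
// Timer functions are injectable so the logic can run without a browser.
function createIdleLogout(opts) {
  const setT = opts.setTimeout || setTimeout;
  const clearT = opts.clearTimeout || clearTimeout;
  let state = 'active'; // 'active' | 'warning' | 'loggedOut'
  let timer = null;
  function arm(ms, fn) {
    if (timer !== null) clearT(timer);
    timer = setT(fn, ms);
  }
  function startIdleTimer() {
    state = 'active';
    arm(opts.idleMs, function () {
      state = 'warning';
      opts.onWarn(); // show the "stay logged in?" prompt
      arm(opts.graceMs, function () {
        state = 'loggedOut';
        timer = null;
        opts.onLogout(); // no answer within the grace period
      });
    });
  }
  return {
    start: startIdleTimer,
    // Wire to input events. Ignored while the prompt is showing, so only an
    // explicit answer dismisses it.
    activity: function () { if (state === 'active') startIdleTimer(); },
    // Wire to the prompt's "stay logged in" button.
    stayLoggedIn: function () {
      if (state !== 'warning') return;
      opts.onKeepAlive(); // let the server renew its own idle deadline
      startIdleTimer();
    },
    state: function () { return state; }
  };
}

// Browser wiring; skipped where no DOM exists. IDs and URLs are assumptions.
if (typeof document !== 'undefined') {
  const box = document.getElementById('idle-warning');
  const idle = createIdleLogout({
    idleMs: 5 * 60 * 1000, graceMs: 10 * 1000,
    onWarn: function () { box.hidden = false; },
    onKeepAlive: function () { box.hidden = true; fetch('/keepalive.php', { credentials: 'same-origin' }); },
    onLogout: function () { window.location.href = '/logOut.php'; }
  });
  ['mousemove', 'keydown', 'scroll', 'click'].forEach(function (ev) { document.addEventListener(ev, idle.activity); });
  document.getElementById('stay-logged-in').addEventListener('click', idle.stayLoggedIn);
  idle.start();
}
```

The client-side timer only drives the prompt and the redirect; the session is actually ended by the server-side timestamp check, which also covers browsers with JavaScript turned off.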
Re: How to automatically log out after 5 min. of idleness
Posted: Fri Apr 30, 2010 9:46 am
by pickle
That'd work - as long as the user has Javascript turned on.
Re: How to automatically log out after 5 min. of idleness
Posted: Fri Apr 30, 2010 1:03 pm
by xtiano77
Below is an example of a class. It declares various methods which are used to establish a SESSION as well as checking the status and validity of the same.
Code:
Sessions.php
<?php
class Sessions {
    // Push the idle deadline 1200 seconds (20 minutes) into the future.
    private function setPageTimer(){
        $_SESSION["TIMER"] = time() + 1200;
    }

    public function establishSession($recordset){
        if(!is_resource($recordset)){
            header("Location: http://www.yourSite.com/index.php?exception=true&message=UnableToEstablishSession");
            exit; // header() alone does not stop the script
        }
        // declare and initialize session variables and cookies...
        $this -> setPageTimer();
        // code to verify that each session variable and/or cookie has been declared and initialized...
    }

    // Returns -1 when the deadline has passed or was never set; otherwise renews it.
    private function checkSessionTimer(){
        if(!isset($_SESSION["TIMER"]) || time() > $_SESSION["TIMER"]){
            return -1;
        }else{
            $this -> setPageTimer();
        }
    }

    private function checkHijackedSession(){
        // your code here...
    }

    public function checkValidSession(){
        // Initialize so the final check never reads an undefined variable.
        $exception = "false";
        $message = "";
        if($this -> checkSessionTimer() === -1){
            $exception = "true";
            $message = "ExpiredSession";
        }
        if($this -> checkHijackedSession() === -1){
            // code to disable user from being able to log back in...
            $exception = "true";
            $message = "Whatever you want to say...";
        }
        if($exception == "true"){
            header("Location: http://www.yourSite.com/logOut.php?exception=" . $exception . "&message=" . urlencode($message));
            exit; // without this the protected page would still be rendered and sent
        }
    }

    public function terminateSession(){
        $_POST = array();
        $_GET = array();
        $_SESSION = array();
        session_destroy();
        // Expire the session cookie in the browser as well.
        setcookie("PHPSESSID", "", time() - 1200, "/", ".yourSite.com");
    }
}
?>
Below is a brief example of what an authentication page could look like:
Code:
authenticationPage.php
<?php
session_start(); // the session must be started before establishSession() writes to $_SESSION
require_once("Sessions.php"); // although it is not noted here, you should avoid placing your classes in the root directory.
// your code here...
// if the user is authenticated then you can create your session object and call the desired method...
$session = new Sessions();
$session -> establishSession($userInformation);
?>
Below is a brief example of what a regular page could look like:
Code:
regularPage.php
<?php
session_start();
require_once("Sessions.php"); // although it is not noted here, you should avoid placing your classes in the root directory.
$session = new Sessions();
$session -> checkValidSession(); // redirects to logOut.php if the session has expired
// other objects and method calls here...
?>
You could and should also use a JavaScript function so if one of the timers doesn't work then the other will.
setTimeout("window.location.href = 'http://www.yourSite.com/logOut.php?exce ... redSession'", 1000 * 60 * 10);
Of course, these are just suggestions. I am not claiming to be the oracle on this subject but I have followed the examples above, changing the names of the variables and headers of course, and they worked quite well for me. If you find a better way to skin this cat, please post a reply and share it with all of us. Cheers!