Auto-logout of users after a certain time
Moderator: General Moderators
Auto-logout of users after a certain time
How I can restrict user session to a certain amount of time ?and logout her/him automatically after expird valid time.
more detail please
Thanks
but if I must calculate $certaintime periodically and increase amount of it?or set it only one time. how? or it calculate automatically without my handily.
but if I must calculate $certaintime periodically and increase amount of it?or set it only one time. how? or it calculate automatically without my handily.
ummm... that sounds wrong to me... instead, try this (written in psuedo-code)
if(($last_activity+$login_length)!=$now){ /* log the user out */ }
else{ /* update the last activity */ }
put that function into an include with any functions needed to do it right, and call that function upon pageloads.
i have a similar thing, only i use cookies which SHOULD time out on their own, so all i have to do is update them. i used a set of cookies in order to allow the user to customise the length they are logged in for since i can't find a way to do that in sessions
edit: correct psuedo-code if you agree with my reasoning on why jam's code fails:
if(($last_activity_in_unix_timestamp+$login_length_in_seconds)<$unix_timestamp_for_now){ /* log the user out */ }
else{ /* update the last activity */ }
the reson i use seconds there is because unix time stamps are seconds passed since jan 1 1970, thus there was never a y2k issue for unix using 32 bit chips since they go till sometime in 2010 (although if the machines are 64 bit, then it takes us so far into the future that that our children will have died natural deaths before you have to deal with it)
if(($last_activity+$login_length)!=$now){ /* log the user out */ }
else{ /* update the last activity */ }
put that function into an include with any functions needed to do it right, and call that function upon pageloads.
i have a similar thing, only i use cookies which SHOULD time out on their own, so all i have to do is update them. i used a set of cookies in order to allow the user to customise the length they are logged in for since i can't find a way to do that in sessions
edit: correct psuedo-code if you agree with my reasoning on why jam's code fails:
if(($last_activity_in_unix_timestamp+$login_length_in_seconds)<$unix_timestamp_for_now){ /* log the user out */ }
else{ /* update the last activity */ }
the reson i use seconds there is because unix time stamps are seconds passed since jan 1 1970, thus there was never a y2k issue for unix using 32 bit chips since they go till sometime in 2010 (although if the machines are 64 bit, then it takes us so far into the future that that our children will have died natural deaths before you have to deal with it)
Last edited by m3rajk on Sun Aug 31, 2003 10:36 am, edited 1 time in total.
well you're checking when they logged on minus some time.
theorectically it is only flase if that's PRECISELY equal and you get zero. anything else will retrurn true in that if statement.
if you take the time right now, and subtact anything from that timestamp that ins't equal to or greater than the timestamp, then you still have a positive number, and since your user may login about noon, and you don't want to lose the rollover you need 24 hour time, but on that same thought, what about midnight??? this means you need a full timestamp, likely you're using a unix epoch, right? well think about about this:
$_SESSION['loggedin'] gets set to the unix timestamp for today at 11:27 am. my login duration is 5 minutes. i wat ten and you check against $_SESSION['loggedin']-5 minutes
the if statement will still return a number GREATER THAN zero, which will be taken for true, thus i could have left my computer 10 min ago and someone else couda been there when that happened, it'd still think i'm logged in.
in fact, even mine is wrong.. what you want is to know that wnen they were active last, plus the length of the login, is not before now. because if right now is GREATER THAN the login duration plus the unix timestamp of the last activity, then the person timed out.
theorectically it is only flase if that's PRECISELY equal and you get zero. anything else will retrurn true in that if statement.
if you take the time right now, and subtact anything from that timestamp that ins't equal to or greater than the timestamp, then you still have a positive number, and since your user may login about noon, and you don't want to lose the rollover you need 24 hour time, but on that same thought, what about midnight??? this means you need a full timestamp, likely you're using a unix epoch, right? well think about about this:
$_SESSION['loggedin'] gets set to the unix timestamp for today at 11:27 am. my login duration is 5 minutes. i wat ten and you check against $_SESSION['loggedin']-5 minutes
the if statement will still return a number GREATER THAN zero, which will be taken for true, thus i could have left my computer 10 min ago and someone else couda been there when that happened, it'd still think i'm logged in.
in fact, even mine is wrong.. what you want is to know that wnen they were active last, plus the length of the login, is not before now. because if right now is GREATER THAN the login duration plus the unix timestamp of the last activity, then the person timed out.
i wasn't sure why you used it, or if it was tested. but like i said already in my response to you, it sounds wrong because it sounds like you're testing the time the login or last activity occured minus an amount of time, which like i said, will always be positive if you've done something to not have issues with noon and midnight
rmemeber an if statement see any positive, if not non-zero number as being true., you cannot simply test against the result of loggedon-time, you need to qualify it, as i have done in the edit to my first post.
i wasn't sure anyone would even read the thread after my post, but i'm glad it is you who responded, becasue if your code seems to work, then anyone else askingme would have been of no use to you. now you can go back and think about it and see if it really does what you want, because unless i'm missing something about HOW your code works, it's missing the key element of checking to see if it's still valid, you're merely checking that it's a non-zero number
rmemeber an if statement see any positive, if not non-zero number as being true., you cannot simply test against the result of loggedon-time, you need to qualify it, as i have done in the edit to my first post.
i wasn't sure anyone would even read the thread after my post, but i'm glad it is you who responded, becasue if your code seems to work, then anyone else askingme would have been of no use to you. now you can go back and think about it and see if it really does what you want, because unless i'm missing something about HOW your code works, it's missing the key element of checking to see if it's still valid, you're merely checking that it's a non-zero number
Heres a simple system i created, but depends on other users. When people visit the site, this should be on a page that will always load:
I use this on basically everything, it just needs to load at the top of everything, and you also need to make sure it is included everywhere, if you use a HTML page that never changes, then that would be the place to put it.. hope it helps
Code: Select all
<?php
if(session_is_registered("username")) { //IF they are logged in
$date = date("YmdGi"); //current date
$mins = $date-5; //This would log them out after 5 minutes of no activity (change the 5 to what you want)
mysql_query("UPDATE `users` SET `online` = '1', time = '$date' WHERE username='$username'"); //if you're logged in and you load this, it updates your last visit..
$result = mysql_query("SELECT * FROM users WHERE `time`<='$mins'"); // find users not active
while ($fetch = mysql_fetch_assoc($result)) { //loopy
mysql_query("UPDATE `users` SET `online` = '0' WHERE `time`<='$mins'"); //Set them offline
}
}
?>Yes malder, it is dependant on your site recieving traffic, but look at it this way: If you get no traffic, no one will ever know, That person will stay logged in until you recieve another visit, or they log out using a log out button.. So even though its not going to execute it constantly, it still works very efficiently, and produces the same effect as if it were real time. If no one is visiting, no one ever knows.