Page 1 of 2

Auto-logout of users after a certain time

Posted: Sun Aug 31, 2003 1:42 am
by maldar
How I can restrict user session to a certain amount of time ?and logout her/him automatically after expird valid time.

Posted: Sun Aug 31, 2003 1:48 am
by JAM
Removed due to errors.

more detail please

Posted: Sun Aug 31, 2003 2:01 am
by maldar
Thanks
but if I must calculate $certaintime periodically and increase amount of it?or set it only one time. how? or it calculate automatically without my handily.

Posted: Sun Aug 31, 2003 2:04 am
by JAM
If you are using require('settings.php'); or similiar with some basic stuff, you could add $certaintime in there to ease up when/if you need to change it later on.

You could of course use it in any ways you describe, but that's all up to you.

Posted: Sun Aug 31, 2003 2:08 am
by maldar
Removed

Posted: Sun Aug 31, 2003 10:02 am
by m3rajk
ummm... that sounds wrong to me... instead, try this (written in psuedo-code)

if(($last_activity+$login_length)!=$now){ /* log the user out */ }
else{ /* update the last activity */ }

put that function into an include with any functions needed to do it right, and call that function upon pageloads.

i have a similar thing, only i use cookies which SHOULD time out on their own, so all i have to do is update them. i used a set of cookies in order to allow the user to customise the length they are logged in for since i can't find a way to do that in sessions


edit: correct psuedo-code if you agree with my reasoning on why jam's code fails:

if(($last_activity_in_unix_timestamp+$login_length_in_seconds)<$unix_timestamp_for_now){ /* log the user out */ }
else{ /* update the last activity */ }


the reson i use seconds there is because unix time stamps are seconds passed since jan 1 1970, thus there was never a y2k issue for unix using 32 bit chips since they go till sometime in 2010 (although if the machines are 64 bit, then it takes us so far into the future that that our children will have died natural deaths before you have to deal with it)

Posted: Sun Aug 31, 2003 10:22 am
by JAM
m3rajk wrote:ummm... that sounds wrong to me... instead, try this
Please elaborate, as I'm using that particular part of code in a cms I've done. And, btw, it works.

Posted: Sun Aug 31, 2003 10:31 am
by m3rajk
well you're checking when they logged on minus some time.

theorectically it is only flase if that's PRECISELY equal and you get zero. anything else will retrurn true in that if statement.

if you take the time right now, and subtact anything from that timestamp that ins't equal to or greater than the timestamp, then you still have a positive number, and since your user may login about noon, and you don't want to lose the rollover you need 24 hour time, but on that same thought, what about midnight??? this means you need a full timestamp, likely you're using a unix epoch, right? well think about about this:

$_SESSION['loggedin'] gets set to the unix timestamp for today at 11:27 am. my login duration is 5 minutes. i wat ten and you check against $_SESSION['loggedin']-5 minutes

the if statement will still return a number GREATER THAN zero, which will be taken for true, thus i could have left my computer 10 min ago and someone else couda been there when that happened, it'd still think i'm logged in.

in fact, even mine is wrong.. what you want is to know that wnen they were active last, plus the length of the login, is not before now. because if right now is GREATER THAN the login duration plus the unix timestamp of the last activity, then the person timed out.

Posted: Sun Aug 31, 2003 10:45 am
by JAM
Then I/we might understand. Abit better explanation than "sounds wierd" imho...

And of course, the choise of session name was idiotic, as it needs to be updated.

Posted: Sun Aug 31, 2003 10:55 am
by m3rajk
i wasn't sure why you used it, or if it was tested. but like i said already in my response to you, it sounds wrong because it sounds like you're testing the time the login or last activity occured minus an amount of time, which like i said, will always be positive if you've done something to not have issues with noon and midnight


rmemeber an if statement see any positive, if not non-zero number as being true., you cannot simply test against the result of loggedon-time, you need to qualify it, as i have done in the edit to my first post.

i wasn't sure anyone would even read the thread after my post, but i'm glad it is you who responded, becasue if your code seems to work, then anyone else askingme would have been of no use to you. now you can go back and think about it and see if it really does what you want, because unless i'm missing something about HOW your code works, it's missing the key element of checking to see if it's still valid, you're merely checking that it's a non-zero number

Posted: Sun Aug 31, 2003 11:06 am
by Drachlen
Heres a simple system i created, but depends on other users. When people visit the site, this should be on a page that will always load:

Code: Select all

<?php
if(session_is_registered("username")) { //IF they are logged in

$date = date("YmdGi"); //current date
$mins = $date-5; //This would log them out after 5 minutes of no activity (change the 5 to what you want)
mysql_query("UPDATE `users` SET `online` = '1', time = '$date' WHERE username='$username'"); //if you're logged in and you load this, it updates your last visit..
    $result = mysql_query("SELECT * FROM users WHERE `time`<='$mins'"); // find users not active
        while ($fetch = mysql_fetch_assoc($result)) { //loopy
mysql_query("UPDATE `users` SET `online` = '0' WHERE `time`<='$mins'"); //Set them offline
		}
}
?>
I use this on basically everything, it just needs to load at the top of everything, and you also need to make sure it is included everywhere, if you use a HTML page that never changes, then that would be the place to put it.. hope it helps

Posted: Mon Sep 01, 2003 3:04 pm
by maldar
Hi Drachlen,
I can understand why you update table and why you set $mins but I can't understand how you find users that are not active for more than 5 minutes.It seems that it must locate in an iteration block or some things else to check the time frequently.

Posted: Mon Sep 01, 2003 3:08 pm
by m3rajk
the psuedocode i gave you, it would require you keep the last login activity time. to show oether's who's on in a certain timeframe, you just iterate through that column in your db and check to see who's been active in the timeframe you want

Posted: Mon Sep 01, 2003 3:22 pm
by Drachlen
Yes malder, it is dependant on your site recieving traffic, but look at it this way: If you get no traffic, no one will ever know, That person will stay logged in until you recieve another visit, or they log out using a log out button.. So even though its not going to execute it constantly, it still works very efficiently, and produces the same effect as if it were real time. If no one is visiting, no one ever knows.

Posted: Mon Sep 01, 2003 3:23 pm
by maldar
but it is time-consuming.isn't it??