We're a community of 1077K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,076,031 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: IT HelpDesk & Customer Support Software
5 Months Ago
0

Automatic logout after inactivirty

I have read several replies here and I am in the process of testing them now but since this is a problem I need an urgent fix for, I thought it would not hurt to ask again.
We have an Apache website that is extremely simple in design. It's main security is simply a username password setup.

We recently got a complaint from one of the people who posts items on the site that he left his laptop and browser open and running on the site when he went home. While this could easily be fixed by telling people to log out when done, I need to find a way to "do it for them" after maybe 5 minutes of inactivity.

While I would not want to go to the next level at this point, I just wondered how hard it would be to force each user to "re-authenticate" every 15 minutes or so? Any help on either or both would be greatly appreciated.

The login script is PHP and contains the procedure for "logout" as well and i was thinking of writing a timer into it that would force the logout after 15 minutes but it would be better to watch for someone who just walked away from their system leaving it open and not being used but left their secured access open for others to use.

4
Contributors
3
Replies
23 Hours
Discussion Span
5 Months Ago
Last Updated
4
Views
questorfla
Newbie Poster
3 posts since Apr 2012
Reputation Points: 0
Solved Threads: 0
Skill Endorsements: 0
diafol
Keep Smiling
Moderator
10,655 posts since Oct 2006
Reputation Points: 1,628
Solved Threads: 1,510
Skill Endorsements: 57
5 Months Ago
0

I'm assuming you're using a session to track the login. Within the session just keep a "last activity" timestamp that gets checked and updated every time a different page is loaded. When a page is loaded, check the "last activity" against the current time: if more than your timeout time has elapsed i.e. (currenttime - lastactivity) > yourtimeout, log the user out, if it is less than your timeout, update the lastactivity with the current time.

bops
Posting Whiz in Training
273 posts since Aug 2005
Reputation Points: 24
Solved Threads: 14
Skill Endorsements: 0
5 Months Ago
0

Two methods come to mind:

  1. Use a cookie to track the login, and give it an expiry time of 15 minutes from creation. Every time they load another page, or reload the current page, you check for a cookie and if they're logged in you renew the expiry time. If they're going to spend a long time on the same page, this can be an issue.
  2. Use a session to track login. Run a script with a timeout after 15 minutes, and have it close the page at the timeout. The timer will reset every time they reload the page, extending it for anothr 15 minutes. You can (and probably should for safety sake) set the script to run a confirmation box at the 15 minute mark so that it gives them a chance to extend the time without reloading the page (but only give them say 30 seconds to click OK on the confirmation box, otherwise it'll never close the page).
yehuda2001
Newbie Poster
6 posts since Oct 2012
Reputation Points: 0
Solved Threads: 0
Skill Endorsements: 0

This article has been dead for over three months: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Web Development > PHP
View similar articles that have also been tagged:
 
© 2013 DaniWeb® LLC
Page rendered in 0.3059 seconds using 2.87MB