0

i am new to php. i want to know how to logout a user when he/she is idle for sometime.

Thanks in advance

4
Contributors
8
Replies
11
Views
5 Years
Discussion Span
Last Post by Stefano Mtangoo
0

If you mean idle as in sat on a webpage for too long and you want to force a logout then PHP can't help as it's server side. JavaScript would work on timers.

Otherwise PHP using timers can only log out a user when they send another request after this time period is up.

1

If you are asking for a "real-time" logout action after some time i guess you'd have to use some Ajax/Javascript.
But i would use

<meta http-equiv="Refresh" content="300; url=http://www.example.com/logout.php">

This will redirect the page after 300 seconds(5 min).
Obviously the meta code will restart its timer when a user clicks a link, or any action that would update the code..

0

If you are asking for a "real-time" logout action after some time i guess you'd have to use some Ajax/Javascript.
But i would use

<meta http-equiv="Refresh" content="300; url=http://www.example.com/logout.php">

This will redirect the page after 300 seconds(5 min).
Obviously the meta code will restart its timer when a user clicks a link, or any action that would update the code..

That's actually a nice simple way, using JavaScript might be overdoing it then in this case ...

0

You have to put a token in your security checks that is renewable for each page click. That is a session variable storing last time user accessed a page and when user sends new request find difference btwn current time and session variable. If it is greater than permissible time kill session and send him to login page
This thread have snippet that illustrates what I say

EDIT
I found a good question with nice answers on SO

Edited by Stefano Mtangoo: n/a

0

yes, how to do this? i need some example coding for user who is idle for some time. and also where to place the coding?

If you mean idle as in sat on a webpage for too long and you want to force a logout then PHP can't help as it's server side. JavaScript would work on timers. Otherwise PHP using timers can only log out a user when they send another request after this time period is up.

Edited by happygeek: fixed formatting

0

Thanks evstevemd.

I saw that two url's. In my application i have many pages, in that one of the page i pasted that code. eg: hr->employee->view i pasted the code. i visit the hr->emplpoyee->view page and i moved some page in the same application. after some time which is i mentioned as logout time in code. i revisit hr->view->employee. its getting logout. but i need to logout only the user who is idle for some time in a page.


You have to put a token in your security checks that is renewable for each page click. That is a session variable storing last time user accessed a page and when user sends new request find difference btwn current time and session variable. If it is greater than permissible time kill session and send him to login page
This thread have snippet that illustrates what I say

EDIT
I found a good question with nice answers on SO

0

What Sorcher said will do the job ... looks like your navigation tree relates to company employees .. is this for your job?

Have a look at : http://www.w3schools.com/js/js_timing.asp

If you are asking for a "real-time" logout action after some time i guess you'd have to use some Ajax/Javascript.
But i would use

<meta http-equiv="Refresh" content="300; url=http://www.example.com/logout.php">

This will redirect the page after 300 seconds(5 min).
Obviously the meta code will restart its timer when a user clicks a link, or any action that would update the code..

There's too much of undecided spec, for instance if a user has timed out, what do we do .. keep the page visible, in that case Ajax would be useful or redirect them to another page in which case the above quote would work, what about if JavaScript is disabled when using JavaScript ...

Things need deciding first ...

0

Thanks evstevemd.

I saw that two url's. In my application i have many pages, in that one of the page i pasted that code. eg: hr->employee->view i pasted the code. i visit the hr->emplpoyee->view page and i moved some page in the same application. after some time which is i mentioned as logout time in code. i revisit hr->view->employee. its getting logout. but i need to logout only the user who is idle for some time in a page.

The code still applies. You just put that code in a file and may be a function or whatever way you want to organize. Then you include the file at the top of any page.
If you use MVC approach then work becomes easy, you put that code either in your front controller or in your routing class.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.