I have read several replies here and I am in the process of testing them now but since this is a problem I need an urgent fix for, I thought it would not hurt to ask again.
We have an Apache website that is extremely simple in design. It's main security is simply a username password setup.
We recently got a complaint from one of the people who posts items on the site that he left his laptop and browser open and running on the site when he went home. While this could easily be fixed by telling people to log out when done, I need to find a way to "do it for them" after maybe 5 minutes of inactivity.
While I would not want to go to the next level at this point, I just wondered how hard it would be to force each user to "re-authenticate" every 15 minutes or so? Any help on either or both would be greatly appreciated.
The login script is PHP and contains the procedure for "logout" as well and i was thinking of writing a timer into it that would force the logout after 15 minutes but it would be better to watch for someone who just walked away from their system leaving it open and not being used but left their secured access open for others to use.