SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Addict
    Join Date
    Aug 2007
    Posts
    256
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Automatic Logout after inactive for 15 minutes

    Hey,guys!How to achieve that a form will be autmatically logout if user have more than 15 minutes of inactive,Thanks...

  2. #2
    hi galen's Avatar
    Join Date
    Jan 2006
    Location
    New Haven, CT
    Posts
    1,228
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Every time a user loads a page put the time the page was loaded in a variable somewhere(cookie, table).

    Then use the time in the variable (time of last page load) and compare it to the current time(time of current page load) and if it is > 15 minutes log the user out.

  3. #3
    SitePoint Addict
    Join Date
    Aug 2007
    Posts
    256
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is it what you meant?

    PHP Code:
    <?php
    $starttime 
    microtime();
    $startarray explode(" "$starttime);
    $starttime $startarray[1] + $startarray[0];

    $totaltime time() - $starttime;
    if (
    $totaltime 15*60)
    {
       
    //logout
    }
    ?>

  4. #4
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Posts
    96
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by devil_vin View Post
    Is it what you meant?

    PHP Code:
    <?php
    $starttime 
    microtime();
    $startarray explode(" "$starttime);
    $starttime $startarray[1] + $startarray[0];

    $totaltime time() - $starttime;
    if (
    $totaltime 15*60)
    {
       
    //logout
    }
    ?>
    This code won't work, this code means to log out the user if the code between 3rd line and 5th line takes 15 minutes to run.

    As galen mentioned, when the user logs in, you can store the time in session or a db table, then whenever the user accesses a page, you can compare the current time with the stored time. If the difference is > 15 minutes, you can log out the user, else update the time to current time. You can put this code in the logic where you check if a user is logged in.

  5. #5
    SitePoint Member
    Join Date
    Feb 2006
    Location
    Yogyakarta, Indonesia
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I prefer using META REFRESH method:
    Code:
    <meta http-equiv="refresh" content="900;url=logout.php" />
    When user open a page, the browser will count for 900 seconds (15 minutes). When it reached 900, the browser will redirect the page into logout.php

  6. #6
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sandal View Post
    I prefer using META REFRESH method:
    Code:
    <meta http-equiv="refresh" content="900;url=logout.php" />
    When user open a page, the browser will count for 900 seconds (15 minutes). When it reached 900, the browser will redirect the page into logout.php
    Unique solution. I like it
    How does that make your feel?

  7. #7
    SitePoint Addict CVPer's Avatar
    Join Date
    Sep 2007
    Location
    Vancouver, BC, Canada
    Posts
    233
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MadMike View Post
    Unique solution. I like it
    me too,
    or set in header
    Refresh: 900;url=logout.php

    and setting the session time-out no more than 15 minutes too may give your site more secure.
    * @location Vancouver, BC, Canada
    * @name Steve
    * @job PHP/MySQL, Drupal, WordPress Developer

  8. #8
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sandal View Post
    I prefer using META REFRESH method:
    Code:
    <meta http-equiv="refresh" content="900;url=logout.php" />
    When user open a page, the browser will count for 900 seconds (15 minutes). When it reached 900, the browser will redirect the page into logout.php
    Doesnt work. If user closes browser, comes back 2 hours later, and the site auto-logs user in thru cookies, well the whole "log out after 15 minutes" goal is failed.

    Also uses clients system resources when they might not want you to (eg they leave browser open while playing CPU intensive game).

    Much better to store time() in a DB, and check at the start of every page load if the stored time() if more than 60*15 away from the current time.
    Me on StackOverflow | Blog & personal website.

    I mostly use: PHP, Java, JavaScript, Android.

  9. #9
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    However, I know that Vin's on about sessions - so if they close the browser, it logs out anyway.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  10. #10
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    However, I know that Vin's on about sessions - so if they close the browser, it logs out anyway.
    A user control system which only uses sessions and doesnt use cookies (if user wants to be remembered) isnt very good. So I will assume that it uses cookies and sessions.

    If a user is told they will be logged out after 15 minutes of activity then thats the way it should be. Shouldnt matter if the browser is closed or not. The cookies should log the user back in if the browser was closed for less than 15 minutes.

    Telling a user they will be logged out after 15 minutes, but logging them out after only 2 minutes because the browser is closed and opened again is lying. And it shouldnt happen. Its not hard to do either.
    Me on StackOverflow | Blog & personal website.

    I mostly use: PHP, Java, JavaScript, Android.

  11. #11
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It's not hard to do, but the system in question isn't based on a community, but of a small booking system - which doesn't need to worry about that kind of thing.

    Of course, if it was a community then you have a good point, and cookies would be useful.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  12. #12
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Posts
    96
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sandal View Post
    I prefer using META REFRESH method:
    Code:
    <meta http-equiv="refresh" content="900;url=logout.php" />
    When user open a page, the browser will count for 900 seconds (15 minutes). When it reached 900, the browser will redirect the page into logout.php
    This won't work if a user opens multiple windows on the same site. Eg, if a user opens one window then opens another one in 10 minutes later. The first window would redirect to logout.php to kill the user's session which shouldn't, because the user is still in active mode within the past 15 minutes.

  13. #13
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by libranet View Post
    This won't work if a user opens multiple windows on the same site. Eg, if a user opens one window then opens another one in 10 minutes later. The first window would redirect to logout.php to kill the user's session which shouldn't, because the user is still in active mode within the past 15 minutes.
    Yup. So many people use tabs now that using meta redirects would be totally stupid.
    Me on StackOverflow | Blog & personal website.

    I mostly use: PHP, Java, JavaScript, Android.

  14. #14
    SitePoint Zealot
    Join Date
    May 2007
    Location
    West Midlands, UK
    Posts
    173
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    It's not hard to do, but the system in question isn't based on a community, but of a small booking system - which doesn't need to worry about that kind of thing.

    Of course, if it was a community then you have a good point, and cookies would be useful.
    Regardless of what system you are using, large or small you should alway aim for user satisfaction. Misleading the users is bad.

    Its always good practice to spend the extra time and do things right the first time round, so in the future you won't have to slog out the extra time doing what you could have done at first. Like you said, if its not hard, its not a problem is it

  15. #15
    SitePoint Guru
    Join Date
    Dec 2005
    Posts
    982
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by devil_vin View Post
    Is it what you meant?

    PHP Code:
    <?php
    $starttime 
    microtime();
    $startarray explode(" "$starttime);
    $starttime $startarray[1] + $startarray[0];

    $totaltime time() - $starttime;
    if (
    $totaltime 15*60)
    {
       
    //logout
    }
    ?>
    Flip it. Check for expiration first; if the user is within the time limits, refresh the time limit.
    The meta refresh is a good idea too, just make sure that when you refresh, you double check that the session/cookie hasn't been updated by another page. I like the idea of combining everything that has been mentioned.
    MySQL v5.1.58
    PHP v5.3.6

  16. #16
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by devil_vin View Post
    Hey,guys!How to achieve that a form will be autmatically logout if user have more than 15 minutes of inactive,Thanks...
    Do you want the session to expire after 15 minutes or to close/reload the page currently open in browser if left unattended for 15 mins? For the first, store timestamp in session and check it after every session_start, for the second, use refresh or javascript's setTimeout, however this technique is utterly annoying.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •