Automatic Logout after 15 minutes of inactive in php

Question

I want to destroy session if users are not doing any kind of activity on website. At that time after 5 users automatically redirect on index page. How is it possible? Is possible in php with session handling and for that I have to maintain or update user login time or not..

Answer 1

Here is an example of the code.

session_start();
$t=time();
if (isset($_SESSION['logged']) && ($t - $_SESSION['logged'] > 900)) {
    session_destroy();
    session_unset();
    header('location: index.php');
}else {
    $_SESSION['logged'] = time();
}                          

Answer 2

This is relatively easy to achive with this small snippet here:

 if(time() - $_SESSION['timestamp'] > 900) { //subtract new timestamp from the old one
    echo"<script>alert('15 Minutes over!');</script>";
    unset($_SESSION['username'], $_SESSION['password'], $_SESSION['timestamp']);
    $_SESSION['logged_in'] = false;
    header("Location: " . index.php); //redirect to index.php
    exit;
} else {
    $_SESSION['timestamp'] = time(); //set new timestamp
}

Answer 3

I got this solution from Sitepoint.com Using a simple meta tag in your html

<meta http-equiv="refresh" content="900;url=logout.php" />

The 900 is the time in seconds that you want the session to be terminated if inactive.

Hope it works for you

Edit: This method does not implement any other logic so will only work if you want to "force" logout as said in the comments

Answer 4

You may create a cookie for a specific time. For example you could put this on your login page:

<?php
  setcookie('admin', 'abc', time()+50); 
?>

Then in some file part that is included in every page, like 'header.php', you may include:

<?php
  if (!isset($_COOKIE['admin'])) {
  echo "<script> location.href='logout.php'; </script>";   
  }

  setcookie('admin', 'abc', time()+50);
?>

In the above example, after 50s the cookie will die and the user will be logged out automatically.

Answer 5

Simple solution using .htaccess

Add the below lines to your .htaccess file where 3600 is the number of seconds. Sessions will automatically be destroyed after certain time has nothing to do with the activity or inactivity.

According to the below code session will be destroyed after 1 hour.

php_value session.gc_maxlifetime 3600

php_value session.gc_probability 1

php_value session.gc_divisor 1

Answer 6

This code was included in the connection.php to ensure that the code is included in any page but you can implement on any page you want

if (isset($_SESSION['user-session']) OR isset($_SESSION['admin-session']) ) {
//then we are checking the activity sesssion $_SESSION['']
if (isset($_SESSION['last_active'])) {

    //if the time is set then we check the difference
    $max_time=5*60; #number of seconds
    $now=microtime(date("H:i:s"));
    //Checking the last active  and now difference in seconds
    $diff=round(microtime(date("H:i:s"))- $_SESSION['last_active']); #the difference of time
    if ($diff>=$max_time) { #if the difference is greater than the allowed time!
        //echo "logging out couse the time is".$diff;
        header("location:logout.php");          
    }else {
        $time=microtime(date("H:i:s"));
    $_SESSION['last_active']=$time; #Updating the time 
    //echo 'More time added the time was!'.$diff;
    }
}else{
    //if there is no last active then we create it over here
    $time=microtime(date("H:i:s"));
    $_SESSION['last_active']=$time;
}}

Answer 7

<form action="index.php" method="post" name="frm"><input name="uname" type="text" placeholder="User Name" />
<input name="pass" type="password" placeholder="Password" />
<input name="submit" type="submit" value="submit" /></form>
In index.php
<?php if(isset($_SESSION['loggedAt'])) { header('dashboard.php'); } 
if(isset($_POST['submit'])) { $name=$_POST['uname']; $pass=$_POST['pass']; 
if($name=="admin" &amp;amp;amp;&amp;amp;amp; $pass=="1234") { 
session_Start(); $_SESSION['username']=$name; $_SESSION['loggedAt']=time(); header('location:dashboard.php?msg=Welcome to dashboard'); } } ?>
in dashboard.php
if(time() - $_SESSION['loggedAt'] > 240) { 
    echo"<script>alert('Your are logged out');</script>";
    unset($_SESSION['username'], $_SESSION['loggedAt']);
    header("Location: " . index.php);
    exit;
} else {
    $_SESSION['loggedAt'] = time();
}

Answer 8

My Solution Is (i give you solution but this simple and syntax not been tried)

checkerOrCreatorTime.php

<?php
//if using the session, this additional advice me
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
session_start();
//create session (JUST FOR ONE TIME)
if (!isset($_SESSION['THE SESSION KEY FOR LOGIN (EX. USERNAME)'])){
    //create anyting session you need
    $_SESSION['user']['THE SESSION KEY FOR LOGIN (EX. USERNAME)'] = 'USER';
    $_SESSION['user']['TIME'] = '900';
}else
if (time() -$_SESSION['TIME'] > 900){
    unset($_SESSION['user']);
    // and whatever your decision
}
?>

Faq:

 1. Why use ['user'] is session login?
    if you using many session for user, you just unset one var, like this.

 2. why use a ini_set.... in this syntax?
    for more security

if you like using modern web, just using javascript for ajax