Reputation:
Logout users if browser/tab gets closed and user didn't logoff orderly
I managed to get the query to update the database after 15 min of inactivity and log out the user. but when the user logs in and closes the browser, the only time they will be logged out is next time the go on the website. How can i do it so that even if they close the browser, the database still gets updated somehow?
// log out the user after 60 seconds of inactivity
if (isset($_SESSION['timestamp'])) {
$elapsed_time = time() - $_SESSION['timestamp'];
if ($elapsed_time >= 900) {
mysql_query("UPDATE `users` SET `status` = '0' WHERE `user_id` = '$session_user_id'");
session_destroy();
header('Location:index.php');
}
}
$_SESSION['timestamp'] = time();
at this point, if the user logs in and closes the browser, they will appear logged in forever
Upvotes: 1
Views: 2325
Answers (3)
Reputation: 11999
Execute an onUnload script
One option is to execute a JavaScript each time unloads a document:
<body onunload="ajaxDoLogoff()">
with
function ajaxDoLogoff() {
xmlhttp.open( "GET", "performLogoff.php", false );
xmlhttp.send();
}
Track user's activity and invalidate all inactive users
Or add a field lastActivity INT(11) to the user table which holds the unix timestamp.
If user does a login or a logged in user returns, keep track of his activity:
$query = 'UPDATE `users` '
. ' SET `status` = "1", '
. ' `lastActivity` = "' . $time() . '" '
. ' WHERE ( `userID` = "' . $userID . '" ) '
;
mysql_query( $query );
Sufficiently often, do the cleanup of outdated sessions:
$deadSessionTimestamp = time() - $thresholdInSeconds;
$query = 'UPDATE `users` '
. ' SET `status` = "0" '
. ' WHERE ( `lastActivity` < "' . $deadSessionTimestamp . '" ) '
;
mysql_query( $query );
Side effect: The application now tracks the last activity of each user.
Bonus: Show the last activity date/time upon a login operation
Using this query
$query = 'SELECT `lastActivity ` '
. ' WHERE ( `userID` = "' . $userID . '" ) '
;
and if a user submits userID/password, you might tell him the date/time of his last-time login.
Upvotes: 0
Reputation: 48357
Marc B suggests you should "Run a scheduled job on your system to log out anyone who's been idle for longer than a set period" - however this is no different when what the garbage collection in the session handler does.
I agree with Sverri that you shouldn't use a separate state variable when you need to track the last activity of the user anyway.
If it were me I'd implement the logic at the session manager tier - and refuse to load expired sessions.
Upvotes: 1
Reputation: 8652
you can update the activity of the user and just use the last timestamp. you can also run a worker that will update it
Upvotes: 0
Related Questions
- Auto Logout when user leaves the application without doing logout action
- Logout all open tabs automatically when user logs out in one of the opened tabs in php
- Force inactive user to logout
- Destroying a session when user closes tab or window
- How to automatically log out user when browser closes?
- How to automatically log out user when browser closes?
- PHP Log user out after closing the page (tab)
- how to logout session if user idle in php
- Force users to logout when they leave my php website?
- How do I make my site automatically sign out a user when they close their browser?