CODEWITHSUNDEEP
phpsessionlogout
Mouhamad Ounayssi
Mouhamad Ounayssi

Reputation: 361

Auto Logout when user leaves the application without doing logout action

Sometimes, a user leaves an application without clicking on logout button, or do shutting down or hibernating of its Machine, or even close all sessions (pages) related to the application domain. So the server cannot knows that the user has been logged out! In our case, we have a "time spent on last session" parameter to check the time of the last session activated for each user.

We need to auto Logout the user when he leaves the application without doing logout action! Is there a process how to do it?

Upvotes: 0

Views: 2262

Answers (3)

johan
johan

Reputation: 1012

You could set a cron job on the server to check for stale sessions But this is not a great solution since you have to deploy another solution (cron job) with your project. The way I would do it is have a check_credentials.php file included in your project that runs right after your DB connection, you will then add two fields in your users table for your projects users called: session_id AND last_checkin. The process will work like so:

Login:

  1. A session is created and a session_id can be retrieved from PHP on first hit (not logged in yet)
  2. If the user authenticates save the session_id to DB with current timestamp as last_checkin

Then you can have all the users do stale session checks at every page request:

Page Query:

  1. Delete session_id's from all users where last_checkin is older than 10min.
  2. Check if my current session_id = db.session_id
  3. If session don't match log out and send user to login.php
  4. if session_id's match then update last_checkin

Upvotes: 1

Dimag Kharab
Dimag Kharab

Reputation: 4519

You can do something like ,

  1. Set a session once user has logged in to your Site.

    $_SESSION['last_activity_recorded'] = time();

    this will keep track the activity from user

  2. On every page update this session to updated time(ie current time)

  3. Check for inactivity from user (here 30 minutes) and take necessary steps in unsetting the login credentials(before updating the session on top of every page)

    if($_SESSION['last_activity_recorded'] < time()+30*60){ session_unset(); session_destroy(); }

Upvotes: 0

d.abyss
d.abyss

Reputation: 212

Try this:

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 600)) {
    session_unset();
    session_destroy();
}
$_SESSION['LAST_ACTIVITY'] = time();

If $_SESSION['LAST_ACTIVITY'] > 600 no activity in last 600 seconds (10minutes) then destroy session.

Upvotes: 0

Related Questions