CODEWITHSUNDEEP
javascriptphpjqueryajax
Yann Thibodeau
Yann Thibodeau

Reputation: 1261

logout timer php/javascript

I have a javascript timer to logout the user after a certain period of innactivity (when there is no mouse movement or clicks on the document).

document.onkeypress = ResetTimer;
document.onmousemove = ResetTimer;
wait = 10;
function ResetTimer()
{
    time = new moment();
    clearTimeout(timer);
    timer = setTimeout("Logout()", 60000 * wait); //logout the user with an ajax call
}

I also have a session variable which tracks the last time the user has made a php call. If the user hasn't made any request in 10 minutes, the user is logged out. The issue I am having here is that if the user moves on document while staying on the same page, he won't get disconnected by the javascript, but the PHP will on his next request. Would it be a good practice to refresh the session variable with an ajax call after 9 minutes the user is on the same page (since the wait time is 10 minutes)?

Upvotes: 0

Views: 1533

Answers (2)

Lucas Tettamanti
Lucas Tettamanti

Reputation: 1810

Do that in the frontend and save requests.

UPDATE: Well, I hope it is without bugs, it just an example. You don't need the backend for inactivity control its a frontend responsability, if some user dont use javascript you cannot check inactivity too so, inthe worst case is the same, control this from backend its pointless, let javascript do all the work. Disconnect someone due inactivity its not a security thing, you dont need the backend.

Here is how you do that.

(function(d) {
  var time = 15000 * 60; // 15'
  var timer;

  var setTimer = function() {
    timer = setTimeout(function() {
      console.log("its time to log out");
      // delete phpsessid
      deleteCookie("PHPSESSID");
    }, time);
  };

  var getEvents = function() {
    var res = [];
    for(var k in d) {
      if(k.indexOf("on") === 0) {
        res.push(k.slice(2).toLowerCase());
      }
    }
    return res;
  };

  var refreshTimer = function() {
    clearTimeout(timer);
    console.log("clear");
    setTimer();
  };

  var deleteCookie = function(cname) {
    var date = new Date(-1);
    date.setTime(date.getTime());
    d.cookie = cname + "=1; " + "expires=" + date.toUTCString();
  };

  getEvents().forEach(function(evt) {
    d.addEventListener(evt, function() {
      refreshTimer();
    });
  });

  setTimer();
})(document);

Upvotes: 1

kieranpotts
kieranpotts

Reputation: 1606

You could use window.setInterval(). Set a callback function to run every 10 minutes. That callback would fire off an Ajax request to the server and request the server-side application to logout the user.

But, whenever the user interacts with the UI, clear the interval and start a new one.

Thus the logout Ajax request will happen once after 10 minutes of inactivity.

function callback() {
    // XMLHttpRequest to logout the user.
}

var intervalID = setInterval(callback);

// To cancel the interval and start a new one:
clearInterval(intervalID);
intervalID = window.setInterval(callback);

Upvotes: 1

Related Questions