Automatically re-direct a user when session Times out or goes idle

Question

I want to have a timer going to run every 3 minutes on the page (javascript), to detect if a php session ($_SESSION) has timed out... and if so, redirect them automatically.

A good example would be, a user logs in and runs up stairs, and never comes back down... I want the javascript to log them out with a simple redirect...

Is this possible? and how would I do such a thing? I am using PHP and JavaScript.

What Rob Kennedy said below is exactly what I am looking for:

...when the session times out, the browser should be told to navigate away from the current page. Some banks do this after a period of inactivity, for example.

Answer 1

You could use a simple meta refresh:

<meta http-equiv="refresh" content="180;url=http://example.com/logout" />

Or you implement a timeout with PHP:

session_start();
if (isset($_SESSION['LAST_REQUEST_TIME'])) {
    if (time() - $_SESSION['LAST_REQUEST_TIME'] > 180) {
        // session timed out, last request is longer than 3 minutes ago
        $_SESSION = array();
        session_destroy();
    }
}
$_SESSION['LAST_REQUEST_TIME'] = time();

Then you don’t need to check every 3 minutes if the session is still valid.

Answer 2

New and improved solution

As mr kennedy pointed out my original solution (below) doesn't work. so here is a way to do it.

In the user database keep a last-activity timestamp that updates every time a user loads a page.

Then in a checkaccess.php

if ( time-last_access > max_inactivity_time ) {
     return array('access' => '0');
}
else {
     return array('access' => '0');
}

Call checkaccess.php in the javascript timer(below) and logout accordingly

This also allows for a "currently logged in users" function

thanks mr kennedy

---

Original, non-working solution

Create a php page that returns 1 or 0 based on the validity of the current users session

Then in your pages that you want to timeout add this to the head (you need jquery)

setInterval(function(){
   var url = UrL_OF_SESSION_CHECKING_PAGE;
      $.getJSON( url,
         function( data ) {
            if (data.access=='0') {
               window.location = LOGIN_PAGE;
            }
         }
      );
}, 180000);

Every 180 seconds (3 minutes) it requests the php page and gets the validity of the session. If its invalid it redirects to a login page

If the user has multiple pages open the pages will timeout and redirect at different times because their timers are different.

Here's a good page on javscript timers http://ejohn.org/blog/how-javascript-timers-work/

Simple session checking page

session_start();
die(
    json_encode(
        isset( $_SESSION['VARIABLE'] ) ? array( 'access' => '1') : array( 'access' => '0' )
    )
);

change VARIABLE to one of your session variables