how to logout session if user idle in php

Question

I am new to php and am trying to build a website. I would like to logout user session if he is idle for some time. I searched the web but i couldn't find the proper code. How do you check whether user is idle or not in php?. Can anyone help me please.

Answer 1

There are a few ways to do this. Here are a couple...

• set a session expiry time, such that after a certain amount of time, the session expires and is no longer valid.

• set a 'time' flag as session data, and check if their session is still 'new enough' to keep them logged in each pageload.

I would opt for the second choice, as it can be difficult to set the right values in PHP such that the session expires securely, and the way you want it to. With the second option, all you have to do is make sure the session will not expire before you want it to, which is easier.

Code example for option 2:

//on pageload
session_start();

$idletime=60;//after 60 seconds the user gets logged out

if (time()-$_SESSION['timestamp']>$idletime){
    session_destroy();
    session_unset();
}else{
    $_SESSION['timestamp']=time();
}

//on session creation
$_SESSION['timestamp']=time();

---

EDIT:

Your comment explains that you'd actually like to keep track of mouse events and other things on the client side to determine if the user is idle. This is more complicated. I will give a general solution, and then offer a couple suggestions for optimizations and improvements.

To accomplish what you've described, you must track clientside activity (mouse movements, keyboard strokes etc) and process that information on the server side.

Tracking clientside activity will require javascript event handlers. You should create an event handler for every action you want to count as 'not being idle', and keep track (in a javascript variable) of when the last time they've been idle is.

Processing that info on the server side will require you to use ajax to send the last time they've been idle to the server. So every few seconds, you should send the server an update (using javascript) which specifies how long the user has been idle.

A couple extra suggestions:

1. You should not rely on this ajax solution as the only way to track user activity, as some users will not have JS enabled. So, you should also track user activity on pageload. Accordingly you should probably not set the idle time too low (at least for non-JS users), as non-JS users will not be sending any data to the server until pageloads occur.

2. You should send updates to the server via ajax as infrequently as possible about user activity to decrease demand on the server. To do this, simply have javascript keep track of when the user would time out. If it gets to the point where the user is about to time out (say, in about a minute or so), then and only then ping the server.