I want to destroy session if users are not doing any kind of activity on website. At that time after 5 users automatically redirect on index page. How is it possible? Is pos
This code was included in the connection.php to ensure that the code is included in any page but you can implement on any page you want
if (isset($_SESSION['user-session']) OR isset($_SESSION['admin-session']) ) {
//then we are checking the activity sesssion $_SESSION['']
if (isset($_SESSION['last_active'])) {
//if the time is set then we check the difference
$max_time=5*60; #number of seconds
$now=microtime(date("H:i:s"));
//Checking the last active and now difference in seconds
$diff=round(microtime(date("H:i:s"))- $_SESSION['last_active']); #the difference of time
if ($diff>=$max_time) { #if the difference is greater than the allowed time!
//echo "logging out couse the time is".$diff;
header("location:logout.php");
}else {
$time=microtime(date("H:i:s"));
$_SESSION['last_active']=$time; #Updating the time
//echo 'More time added the time was!'.$diff;
}
}else{
//if there is no last active then we create it over here
$time=microtime(date("H:i:s"));
$_SESSION['last_active']=$time;
}}
Simple solution using .htaccess
Add the below lines to your .htaccess file where 3600 is the number of seconds. Sessions will automatically be destroyed after certain time has nothing to do with the activity or inactivity.
According to the below code session will be destroyed after 1 hour.
php_value session.gc_maxlifetime 3600
php_value session.gc_probability 1
php_value session.gc_divisor 1
Pretty easy:
if(time() - $_SESSION['timestamp'] > 900) { //subtract new timestamp from the old one
echo"<script>alert('15 Minutes over!');</script>";
unset($_SESSION['username'], $_SESSION['password'], $_SESSION['timestamp']);
$_SESSION['logged_in'] = false;
header("Location: " . index.php); //redirect to index.php
exit;
} else {
$_SESSION['timestamp'] = time(); //set new timestamp
}
I got this solution from Sitepoint.com Using a simple meta tag in your html
<meta http-equiv="refresh" content="900;url=logout.php" />
The 900 is the time in seconds that you want the session to be terminated if inactive.
Hope it works for you
Edit: This method does not implement any other logic so will only work if you want to "force" logout as said in the comments
My Solution Is (i give you solution but this simple and syntax not been tried)
checkerOrCreatorTime.php
<?php
//if using the session, this additional advice me
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
session_start();
//create session (JUST FOR ONE TIME)
if (!isset($_SESSION['THE SESSION KEY FOR LOGIN (EX. USERNAME)'])){
//create anyting session you need
$_SESSION['user']['THE SESSION KEY FOR LOGIN (EX. USERNAME)'] = 'USER';
$_SESSION['user']['TIME'] = '900';
}else
if (time() -$_SESSION['TIME'] > 900){
unset($_SESSION['user']);
// and whatever your decision
}
?>
Faq:
1. Why use ['user'] is session login?
if you using many session for user, you just unset one var, like this.
2. why use a ini_set.... in this syntax?
for more security
if you like using modern web, just using javascript for ajax
session_start();
$t=time();
if (isset($_SESSION['logged']) && ($t - $_SESSION['logged'] > 900)) {
session_destroy();
session_unset();
header('location: index.php');
}else {$_SESSION['logged'] = time();}