Automatic Logout after 15 minutes of inactive in php

Question

I want to destroy session if users are not doing any kind of activity on website. At that time after 5 users automatically redirect on index page. How is it possible? Is pos

Answer 1

This code was included in the connection.php to ensure that the code is included in any page but you can implement on any page you want

if (isset($_SESSION['user-session']) OR isset($_SESSION['admin-session']) ) {
//then we are checking the activity sesssion $_SESSION['']
if (isset($_SESSION['last_active'])) {

    //if the time is set then we check the difference
    $max_time=5*60; #number of seconds
    $now=microtime(date("H:i:s"));
    //Checking the last active  and now difference in seconds
    $diff=round(microtime(date("H:i:s"))- $_SESSION['last_active']); #the difference of time
    if ($diff>=$max_time) { #if the difference is greater than the allowed time!
        //echo "logging out couse the time is".$diff;
        header("location:logout.php");          
    }else {
        $time=microtime(date("H:i:s"));
    $_SESSION['last_active']=$time; #Updating the time 
    //echo 'More time added the time was!'.$diff;
    }
}else{
    //if there is no last active then we create it over here
    $time=microtime(date("H:i:s"));
    $_SESSION['last_active']=$time;
}}

Answer 2

Simple solution using .htaccess

Add the below lines to your .htaccess file where 3600 is the number of seconds. Sessions will automatically be destroyed after certain time has nothing to do with the activity or inactivity.

According to the below code session will be destroyed after 1 hour.

php_value session.gc_maxlifetime 3600

php_value session.gc_probability 1

php_value session.gc_divisor 1

Answer 3

Pretty easy:

 if(time() - $_SESSION['timestamp'] > 900) { //subtract new timestamp from the old one
    echo"<script>alert('15 Minutes over!');</script>";
    unset($_SESSION['username'], $_SESSION['password'], $_SESSION['timestamp']);
    $_SESSION['logged_in'] = false;
    header("Location: " . index.php); //redirect to index.php
    exit;
} else {
    $_SESSION['timestamp'] = time(); //set new timestamp
}

Answer 4

I got this solution from Sitepoint.com Using a simple meta tag in your html

<meta http-equiv="refresh" content="900;url=logout.php" />

The 900 is the time in seconds that you want the session to be terminated if inactive.

Hope it works for you

Edit: This method does not implement any other logic so will only work if you want to "force" logout as said in the comments

Answer 5

My Solution Is (i give you solution but this simple and syntax not been tried)

checkerOrCreatorTime.php

<?php
//if using the session, this additional advice me
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
session_start();
//create session (JUST FOR ONE TIME)
if (!isset($_SESSION['THE SESSION KEY FOR LOGIN (EX. USERNAME)'])){
    //create anyting session you need
    $_SESSION['user']['THE SESSION KEY FOR LOGIN (EX. USERNAME)'] = 'USER';
    $_SESSION['user']['TIME'] = '900';
}else
if (time() -$_SESSION['TIME'] > 900){
    unset($_SESSION['user']);
    // and whatever your decision
}
?>

Faq:

 1. Why use ['user'] is session login?
    if you using many session for user, you just unset one var, like this.

 2. why use a ini_set.... in this syntax?
    for more security

if you like using modern web, just using javascript for ajax

Answer 6

                      session_start();
                      $t=time();
                      if (isset($_SESSION['logged']) && ($t - $_SESSION['logged'] > 900)) {
                      session_destroy();
                      session_unset();
                      header('location: index.php');
                      }else {$_SESSION['logged'] = time();}