devil_vin — 2007-10-23T12:51:13-04:00 — #1
Hey,guys!How to achieve that a form will be autmatically logout if user have more than 15 minutes of inactive,Thanks...
galen — 2007-10-23T14:20:17-04:00 — #2
Every time a user loads a page put the time the page was loaded in a variable somewhere(cookie, table).
Then use the time in the variable (time of last page load) and compare it to the current time(time of current page load) and if it is > 15 minutes log the user out.
devil_vin — 2007-10-23T14:31:48-04:00 — #3
Is it what you meant?
$starttime = microtime();
$startarray = explode(" ", $starttime);
$starttime = $startarray + $startarray;
$totaltime = time() - $starttime;
if ($totaltime > 15*60)
libranet — 2007-10-23T15:19:47-04:00 — #4
This code won't work, this code means to log out the user if the code between 3rd line and 5th line takes 15 minutes to run.
As galen mentioned, when the user logs in, you can store the time in session or a db table, then whenever the user accesses a page, you can compare the current time with the stored time. If the difference is > 15 minutes, you can log out the user, else update the time to current time. You can put this code in the logic where you check if a user is logged in.
sandal — 2007-10-23T15:30:54-04:00 — #5
I prefer using META REFRESH method:
<meta http-equiv="refresh" content="900;url=logout.php" />
When user open a page, the browser will count for 900 seconds (15 minutes). When it reached 900, the browser will redirect the page into logout.php
madmike — 2007-10-23T15:53:32-04:00 — #6
Unique solution. I like it
cvper — 2007-10-23T16:18:55-04:00 — #7
or set in header
and setting the session time-out no more than 15 minutes too may give your site more secure.
aliendev — 2007-10-23T16:56:39-04:00 — #8
Doesnt work. If user closes browser, comes back 2 hours later, and the site auto-logs user in thru cookies, well the whole "log out after 15 minutes" goal is failed.
Also uses clients system resources when they might not want you to (eg they leave browser open while playing CPU intensive game).
Much better to store time() in a DB, and check at the start of every page load if the stored time() if more than 60*15 away from the current time.
jake_arkinstall — 2007-10-23T17:00:52-04:00 — #9
However, I know that Vin's on about sessions - so if they close the browser, it logs out anyway.
aliendev — 2007-10-23T17:07:47-04:00 — #10
If a user is told they will be logged out after 15 minutes of activity then thats the way it should be. Shouldnt matter if the browser is closed or not. The cookies should log the user back in if the browser was closed for less than 15 minutes.
Telling a user they will be logged out after 15 minutes, but logging them out after only 2 minutes because the browser is closed and opened again is lying. And it shouldnt happen. Its not hard to do either.
jake_arkinstall — 2007-10-23T17:27:36-04:00 — #11
It's not hard to do, but the system in question isn't based on a community, but of a small booking system - which doesn't need to worry about that kind of thing.
Of course, if it was a community then you have a good point, and cookies would be useful.
libranet — 2007-10-23T17:29:14-04:00 — #12
This won't work if a user opens multiple windows on the same site. Eg, if a user opens one window then opens another one in 10 minutes later. The first window would redirect to logout.php to kill the user's session which shouldn't, because the user is still in active mode within the past 15 minutes.
aliendev — 2007-10-23T17:32:33-04:00 — #13
Yup. So many people use tabs now that using meta redirects would be totally stupid.
cascadingstylez — 2007-10-23T18:15:53-04:00 — #14
Regardless of what system you are using, large or small you should alway aim for user satisfaction. Misleading the users is bad.
Its always good practice to spend the extra time and do things right the first time round, so in the future you won't have to slog out the extra time doing what you could have done at first. Like you said, if its not hard, its not a problem is it
brandonk — 2007-10-23T18:49:12-04:00 — #15
Flip it. Check for expiration first; if the user is within the time limits, refresh the time limit.
The meta refresh is a good idea too, just make sure that when you refresh, you double check that the session/cookie hasn't been updated by another page. I like the idea of combining everything that has been mentioned.
stereofrog — 2007-10-24T05:00:18-04:00 — #16