User Inactivity Logout PHP

2019-02-14 16:32发布

问题:

I want my users to be logged out automatically after X minutes of inactivity. I also want to have all sessions destroyed.

How can this be done? How can I check for inactivity then perform a function to log them out???

回答1:

You could also do:

$_SESSION['loginTime'] = time();

On every page, and when the user is trying to navigate and he has been inactive for an twenty minutes you can log him out like this:

if($_SESSION['loginTime'] < time()+20*60){ logout(); }


回答2:

I tired Michiels approach and got no where. On investigation I saw that the if statement simply added the expiry period to the current time so the statement never fired.

This is my altered version:

set this when logging in user or loading a secure page:

 $_SESSION['expire'] = time()+1*60;

And use this to see if the expiry time is less than current time (i.e we're past the expiry limit):

if(time() > $_SESSION['expire']){
 $user -> logout();
}


回答3:

You can set session time out limit like:

ini_set('session.gc_maxlifetime',30);

Here is the possible solution for you.



回答4:

Depending on how fast your server is and how many users you have, you can have it send a request to your server whenever a user does anything (navigates, clicks a button, whatever). From this request, update a SQL table with their last activity time.

Have a cron job run through the table at some regular interval and delete the sessions of the users that have been inactive for whatever your threshold is going to be.

If your server is slow or you have a lot of users, you can have this script run infrequently.



回答5:

PHP's session mechanism already have a garbage collector based on the inactivity timeout. You have no worry about.



回答6:

You can set the last active time by $_SESSION['lastactive'] = time() and update it every time when user navigates to a new page. Then you can have a function timeout() on every page .

function timeout()    
{
    $maxtime = 60*2; // Here , maxtime has been set to 2 minutes

if(isset($_SESSION['lastactive']) and (time() - $_SESSION['lastactive'] > $maxtime )) // subtracting current time from lastactive time and seeing if it exceeded timeout limit.
{
    signout(); //logging out        
}

if(isset($_SESSION['lastactive']) and (time() - $_SESSION['lastactive'] < $maxtime )) // subtracting current time from lastactive time and seeing if it exceeded timeout limit.
{   
    return 1; // timeout limit not exceeded     
}   
else
{
    if(!isset($_SESSION['lastactive']))
    {

        $_SESSION['lastactive'] = time(); //if lastactive is not set
    }
}
}


回答7:

Use unset($_SESSION['NAME']); or session_destroy();. You could also change the value of the session.

To do this at a certain time, you would need to set a timestamp in the database, and then call it to check if it's beyond X minutes. Look at the link at the bottom.

I'd personally just use cookies and make them expire at a certain time, but whatever floats your boat.

If current time is more than 30 seconds past time X (from the database)



回答8:


$(document).ready( function()
{
setTimeout(function() { CALL LOGOUT.PHP VIA AJAX }, 720000);

});

720000 means 12 minutes ( for illustration purpose )
put this script in your header and set ur own time of inactivity
you can set what time u want , it will be work like if you set 5 minutes then when u login to system then it start count for 5 min. but if u click on any module this script will be reloaded , because when page turns then header is also reload when script is reload then it start count from 0 (initial), but if u cant access the system within 5 min. then it will load the logout.php and system will logs-out



回答9:

this is how i do it :

//set timeout period in seconds
$idleTime= 60*2;
//check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout'])){
$session_life = time() - $_SESSION['timeout'];
if($session_life > $idleTime){
// your logout code here*
     }
}
$_SESSION['timeout'] = time();

This makes $_SESSION['timeout'] reset every time a page is reloaded, i have this in an include file in the header of every sub page, works for me atleast.



回答10:

The simplest way is this. Send the user to a log out page if they are not activating certain elements on your website

$secondsWait = 300; // these are seconds so it is 300s=5minutes
header("refresh:$secondsWait; logout.php");

contents for the redirect... logout.php, destroy any sessions and maybe also send a message alerting the user why they were logged out

<?php
session_start();
session_unset();
session_destroy();  
?>