php - Logging out after certain amount of time - Stack Overflow

admin管理员组

文章数量:1314471

What would the best way be to logout a user from a PHP application (so basically just perform a redirect) after X seconds of inactivity? For "inactivity" I'd count the time of the last page load, and if the current time is more than X seconds away, perform the redirect.

Is this something that would need to be achieved with Javascript?

What would the best way be to logout a user from a PHP application (so basically just perform a redirect) after X seconds of inactivity? For "inactivity" I'd count the time of the last page load, and if the current time is more than X seconds away, perform the redirect.

Is this something that would need to be achieved with Javascript?

• php
• javascript

Share Improve this question Follow asked Aug 11, 2009 at 6:44 James InmanJames Inman 1,00244 gold badges1717 silver badges3232 bronze badges

Add a ment  | 

4 Answers 4

Sorted by: Reset to default 6

You can use just html meta tag:
<meta http-equiv="refresh" content="1000;url=buy.aspx">
put it in head
where 1000 is a time in sec and url is an url to redirect.

Just answered this question yesterday... the OP wanted to ask after certain amount of time, it the user would like to stay logged in or not.

For a plain redirect without any confirmation, you can use a simple setTimeout call:

var minutes = 30;
setTimeout(function(){location.href = 'logout.php';}, minutes*60*1000); 

Do you really want a redirect for some reason?

Usually each user session has an associated timestamp. You then make sure the session hasn't expired for the user, or ask them to log in. So in effect, you're just making sure sessions are valid.

If you redirect someone to a logout page, you really are not achieving anything. You will also need to make sure the session has not timed out server side. Anything that is client side, including redirects to a logout page, is unreliable, and can be circumvented.

The simplest form in PHP:

<?php 

session_start();

$session_lifetime = 60*60; // 1 hour

if (!isset($_SESSION['time']) || !$_SESSION['time']) {
$_SESSION['time'] = time();
}

if (time() - $_SESSION['time'] > $session_lifetime) {
// session has expired
$_SESSION['user'] = null;
$_SESSION['time'] = null;
} else {
// keep session alive
$_SESSION['time'] = time();
}

What if the user starts typing in the form on the page and hasn't finished by your time out period? I handle inactivity in another way than described in other answers so far.

var rowLockSeconds = 0;

function startRowLockTimer()
{
   setInterval("incrementRowLockTimer()",60000);
   $("input").keypress(function (e) { rowLockSeconds=0; }).click( function() { rowLockSeconds=0;  });
   $("textarea").keypress(function (e) { rowLockSeconds=0; }).click( function() { rowLockSeconds=0; ; });

   window.onbeforeunload = function obul() { if (hasChanged) { return 'You will lose any unsaved changes you\'ve made.'; } }
   window.onunload = clearRowLock;
}

So as they've logged in, the row lock timer starts at 0. Every 60 seconds it calls the interval function to see if it has timed out.

function incrementRowLockTimer()
{
rowLockSeconds = rowLockSeconds+60;

// 10 minute timer to clear someone out of a page if there has been no activity
if (rowLockSeconds >= 600)
{
    window.onbeforeunload=null;
    // clear rowLock with request here
    $.get('../ajax/rowLock-server.php?do=delete&rowLockID='+currentRowLockID+'&userUUID='+currentUserUUID, function() { 
        alert('You have been logged out of this page after 10 minutes of inactivity.');
        document.location.href='../main.php';
    });
}
}

The AJAX controls clear out the DB row lock.

The key is the input and textarea bindings so that if the user types anything into the form, the timeout is reset and they have another 10 minutes.

本文标签： phpLogging out after certain amount of timeStack Overflow