PHP - Destroy session if not any action in 10 minutes

F

6

12

Is there any option to destroy a session if user does not perform any action in 10 minutes?

Frivolity answered 29/1, 2012 at 0:31 Comment(0)

T

16

session_start();

// 10 mins in seconds
$inactive = 600; 

$session_life = time() - $_SESSION['timeout'];

if($session_life > $inactive) {
   session_destroy();
   header("Location: logoutpage.php");
}

$_SESSION['timeout']=time();

The code above was taken from this particular page.

Trickle answered 29/1, 2012 at 0:34 Comment(2)

it's SO (StackOverflow) style to post the code directly and then link to the source. That way in a couple of years if the source closes your answer is still helpful. But don't forget to link! – Johnajohnath 29/1, 2012 at 0:41

@Johnajohnath Please make sure you edit it correctly next time. You removed part of the link making it point to a completely different thread! – Madagascar 9/5, 2018 at 12:10

S

11

Try setting the session timeout to 10 minutes.

ini_set('session.gc_maxlifetime',10);

Salome answered 29/1, 2012 at 0:36 Comment(1)

where should i put this line of code in session.php? – Omnipresent 2/7, 2021 at 5:20

S

4

I've done it with the following code:

//10 min
if( !isset($_SESSION['logout']) ){
      $_SESSION['logout'] = strtotime('+10 minutes', time()); 
    }

    if( time() > $_SESSION['logout'])
    {
      session_destroy();
        header("Location: index.php"); 
    }else{
            $_SESSION['logout'] = strtotime('+10 minutes', time());
        }
    //echo date('Y/m/d h:i:s',$_SESSION['logout']);
    //echo $_SESSION['logout'];

Symphonia answered 4/12, 2019 at 12:1 Comment(0)

F

3

i've modified the answer above, and it works fine :

// inactive in seconds
$inactive = 10;
if( !isset($_SESSION['timeout']) )
$_SESSION['timeout'] = time() + $inactive; 

$session_life = time() - $_SESSION['timeout'];

if($session_life > $inactive)
{  session_destroy(); header("Location:index.php");     }

$_SESSION['timeout']=time();

Fetlock answered 26/9, 2013 at 10:50 Comment(0)

C

2

Including the following javascript in the page will cause a check for inactivity by calling the function CheckIdleTime() every second. Activity on the page resets _idleSecondsCounter to 0.

<script type="text/javascript">
    var IDLE_TIMEOUT = 10 * 60;  // 10 minutes of inactivity
    var _idleSecondsCounter = 0;
    document.onclick = function() {
        _idleSecondsCounter = 0;
    };
    document.onmousemove = function() {
        _idleSecondsCounter = 0;
    };
    document.onkeypress = function() {
        _idleSecondsCounter = 0;
    };
    window.setInterval(CheckIdleTime, 1000);
    function CheckIdleTime() {
        _idleSecondsCounter++;
        var oPanel = document.getElementById("SecondsUntilExpire");
        if (oPanel)
            oPanel.innerHTML = (IDLE_TIMEOUT - _idleSecondsCounter) + "";
        if (_idleSecondsCounter >= IDLE_TIMEOUT) {
            // destroy the session in logout.php 
            document.location.href = "logout.php";
        }
    }
</script>

Clayberg answered 9/7, 2018 at 11:9 Comment(1)

While this code may answer the question, providing information on how and why it solves the problem improves its long-term value. – Iridectomy 9/7, 2018 at 11:39

B

0

compare timestamps between two requests, one from the current request, one stored in the session.

Boltzmann answered 29/1, 2012 at 0:40 Comment(0)

Recommended topics

Hot tags