开发者

auto logout user after # mins of inactivity

开发者 https://www.devze.com 2023-02-24 10:34 出处:网络
i have a client side jquery script that logs the user off after 5 mins of inactivity. The problem is though is the user navigates away without logging out the session 开发者_开发问答stays active. If t

i have a client side jquery script that logs the user off after 5 mins of inactivity. The problem is though is the user navigates away without logging out the session 开发者_开发问答stays active. If the user closes the browser shouldnt that destroy the session since sessions stay alive for the duration of the browsers being open or the user logs off?

anywho this is what i have

(function($){
    $(document).bind("idle.idleTimer", function(){
        document.location = "orders.php?action=logoff&session=timeout";
    });
    //var minute = 60000; //1 minute is 60,000 miliseconds.
    var minute = 300000; //5 minutes
    var timeout = minute;
    $.idleTimer(timeout);

})(jQuery);

how can i implement a server side if the user navigates away? I was thinking of using cron but then that would be not the right way (im thinking but then maybe im wrong)

i read this post User Inactivity Logout PHP

and i don't see how the session can still take effect if the user navigates away


Navigating away necessarily doesn't expire the session, its closing the browser that does.

  1. I would implement the check on the server side.
  2. If the session is invalid, you should send down a 400 HTTP status code, which your JS code can use to identify that the user is no longer allowed to use the resource and hence redirect to the login page.
  3. Set cookies expiry values to something that suits your application better.


Sarmen, the easiest way is to use the php session garbage collection to suit your need:

http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

300s will meet your requirement.


All you need to do is add some code to your orders.php file.

What you need to do is have a few if statements checking for your $_GET variables of action and session.

If both of those requirements are met then you just need to destroy your session with session_destroy();

you can also redirect them to any page if you would like using header();

0

精彩评论

暂无评论...
验证码 换一张
取 消