I want to have a timer going to run every 3 minutes on the page (javascript), to detect if a php session ($_SESSION) has timed out... and if so, redirect them automatically.
A good example would be, a user logs in and runs up stairs, and never comes back down... I want the javascript to log them out with a simple redirect...
Is this possible? and how would I do such a thing? I am using PHP and javascript.
Edit: What Rob said below is exactly what I am looking for... and I safely \'quote \'...
I suspect what Mike is asking for is that when the session times out, the browser should be told to navigate away from the current page. Some banks do this after a period of inactivity, for example. – Rob Kennedy 5 hours ago
You could use a simple meta refresh:
<meta http-equiv="refresh" content="180;url=http://example.com/logout" />
Or you implement a timeout with PHP:
session_start();
if (isset($_SESSION['LAST_REQUEST_TIME'])) {
if (time() - $_SESSION['LAST_REQUEST_TIME'] > 180) {
// session timed out, last request is longer than 3 minutes ago
$_SESSION = array();
session_destroy();
}
}
$_SESSION['LAST_REQUEST_TIME'] = time();
Then you don’t need to check every 3 minutes if the session is still valid.
As mr kennedy pointed out my original solution (below) doesn't work. so here is a way to do it.
In the user database keep a last-activity timestamp that updates every time a user loads a page.
Then in a checkaccess.php
if ( time-last_access > max_inactivity_time ) {
return array('access' => '0');
}
else {
return array('access' => '0');
}
Call checkaccess.php in the javascript timer(below) and logout accordingly
This also allows for a "currently logged in users" function
thanks mr kennedy
Create a php page that returns 1 or 0 based on the validity of the current users session
Then in your pages that you want to timeout add this to the head (you need jquery)
setInterval(function(){
var url = UrL_OF_SESSION_CHECKING_PAGE;
$.getJSON( url,
function( data ) {
if (data.access=='0') {
window.location = LOGIN_PAGE;
}
}
);
}, 180000);
Every 180 seconds (3 minutes) it requests the php page and gets the validity of the session. If its invalid it redirects to a login page
If the user has multiple pages open the pages will timeout and redirect at different times because their timers are different.
Here's a good page on javscript timers http://ejohn.org/blog/how-javascript-timers-work/
Simple session checking page
session_start();
die(
json_encode(
isset( $_SESSION['VARIABLE'] ) ? array( 'access' => '1') : array( 'access' => '0' )
)
);
change VARIABLE to one of your session variables
If you want this to happen before the page is even refreshed, you'll want periodic ajax calls. You can use jQuery Heartbeat to make calls every 3 minutes, and use one of the PHP methods already provided by other users to check the session