I am aware that similar questions have been asked, but none seem to have a good solution. I have a auto logout function ( see below).
However if the tab/browser is closed, the session is never destroyed, and more importantly the DB table tblTimeLog is not updated.
What I want to do is for the "timer to keep running" even tho the browser or tab is closed. Any suggestions on how to achieve this?
Auto logout function:
<?
session_start();
// set timeout period in seconds
$idleTime = 2400;
header("refresh: 2400");
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $idleTime) {
$db->Execute("UPDATE tblTimeLog SET LogoutTime = NOW() WHERE sid ='".session_id()."'".$row['konsulentid'].'');
session_destroy();
header("Location: login.php?loggut");
exit();
}
}
$_SESSION['timeout'] = time();
?>
Your issue is that the auto-logout only takes effect upon a request to your server.
You want your system to log users out regardless of whether they're still making requests or not.
One simple solution would be to set up a cron job to call a PHP script every minute or so. Have the script loop through all users, and log them out if necessary. This would require you to additionally store the last time they made a request in the database, as that's currently stored in a session that you would not have access to in a different script.
Alternatively, on a successful (logged in) request, you could schedule a script to log the user out. On each subsequent request, cancel that scheduled execution and schedule another.
Which solution you choose will depend on your exact system. Weigh up the pros and cons of each. The first might not be suitable, for example, because it will run all the time regardless of whether anyone is actually logged in.
IMO a reasonable solution is to have a cron job that periodically goes through all sessions in tblTimeLog table and updates the table's LogoutTime if timeout occured. Next time, if client with session id that got logged out by the cron script connects again, you destroy the session cookie. This would only require storing in the DB session expiration time.