I have a php webpage that logs users out after 10 seconds of inactivity. After 10 seconds, I need to hit the refresh button before it redirects to the main index.php page. How do I make a popup box displaying "You are logged out due to inactivity" and after that it redirects to index.php without refreshing?
P/S: I'm a student learning the basics so I don't know much.
session_start();
$timeout = 10;
// Check if the timeout field exists.
if(isset($_SESSION['timeout'])) {
// See if the number of seconds since the last
// visit is larger than the timeout period.
$duration = time() - (int)$_SESSION['timeout'];
if($duration > $timeout) {
// Destroy the session and restart it.
session_destroy();
session_start();
}
}
So I tried something like this using alert.Why doesn't it work?
<?php
//include ("popup.php");
session_start();
$timeout = 10;
// Check if the timeout field exists.
if(isset($_SESSION['timeout'])) {
// See if the number of seconds since the last
// visit is larger than the timeout period.
$duration = time() - (int)$_SESSION['timeout'];
if($duration > $timeout) {
echo"<script type='javascript'>alert('10 seconds over!');
header("location:../../index.php");
</script>";
}
// Destroy the session and restart it.
session_destroy();
session_start();
header("location:../../index.php");
}
// Update the timout field with the current time.
$_SESSION['timeout'] = time();
Implement a popup with Javascript; or
In your conditional, use header("Location: logout-notice.php");
Edit:
I can't test right now, but based on your update, the things I see is that you're checking for $_SESSION['timeout'] but I don't see it declared or given a value anywhere. You have the variable of $timeout set at the top but they're different variables.
Maybe something like this:
$_SESSION['timeout'] = time() + $timeout; // should = 1491838370 if set at UNIX time of 1491838360
if(time() > $_SESSION['timeout']){ // evaluated at 1491838380 which is > 1491838370 results in true
?>
<script type='javascript'>alert('10 seconds over!');</script>
<?php
header("Location: ../../index.php");
}
The question is where/how you'll be evaluating this. If you want each user's action to validate whether they've been active, you can include this script at the beginning of each file. The downside is that if they're inactive for a minute, it won't evaluate until they do something.
You could use a pure javascript version relying on SetInterval or SetTimeout to evaluate every ten seconds and pop up an alert with a window.location.href to index.php as well. Something like this (again you may need to tweak, this is untested):
var checkSession = setInterval(
function({
var sessionExpires = <?=$_SESSION['timeout']?>; //this is probably considered heresy, but as long as the javascript is evaluated by the PHP processor, it should work
var currentTime = Math.floor((new Date).getTime()/1000);
if(currentTime > sessionExpires ){
alert("Take your stuff and go!");
window.location.href = "../../index.php";
}
}, 10000);
Related
i am looking for solution of my answer which is half completed i have to make the user logout from my website and i used your solution which is as follow:-
if( $_SESSION['last_activity'] < time()-$_SESSION['expire_time'] ) {
//have we expired?
//redirect to logout.php
header('Location: '.BASE_FULL_PATH.'/user/logout'); //change yoursite.com to the name of you site!!
} else{ //if we haven't expired:
$_SESSION['last_activity'] = time(); //this was the moment of last activity.
}
$_SESSION['logged_in'] = true;
$_SESSION['last_activity'] = time();
$_SESSION['expire_time'] = 24*60*60;
and it is working perfectly but i need to have an alert box when the session is about to expire.Try lot of stuff but doesn't help.Please reply and thanks for your brilliant demo
I know , this is not an efficient way, But you can try this.
try ajax, that runs a php file in server every 5 or 10 second time gap.
that ajax running php file contains session last_activity and expire_time comparing code,
<?php
$warning=100;
if( $_SESSION['last_activity']+warning < time()-$_SESSION['expire_time'] ) {
?>
<script type="text/javascript">
alert("Your session will expire soon!");
</script>
<?php
}
?>
You can set the variable $warning to adjust the alert message time.
Since your session expiry will reset every time you reload the page, then you can use the expiry time as the time argument of JavaScript's setTimeout() function.
var sessionExpiryTime = 24 * 60 * 60;
var sessionExpiryAlertTime = sessionExpiryTime - 5; //assuming we want the alert to show 5 seconds before expiry
setTimeout(function({
alert("Session about to expire!");
}, sessionExpiryAlertTime * 1000); //time is in milliseconds so we multiply by 1000
This works okay as long as the user has JavaScript enabled. If the user reloads the page, the expiry timer updates as per your php code and the setTimeout() function restarts.
This question already has answers here:
PHP Session timeout
(8 answers)
How do I expire a PHP session after 30 minutes?
(17 answers)
Closed 9 years ago.
I want to auto logout from index.php after session expired in 10 minutes. Please help?
I already have this:
//this is login.php
//register the session for user and password
session_register("userName");
session_register("password");
if($userType=="Web_User"){
header("location:index.php?");
}
//index.php
//check session start or not
<?php
if (!isset($_SESSION['start_time']))
{
$str_time = time();
$_SESSION['start_time'] = $str_time;
}
echo $_SESSION['start_time'];
//here I want to expired if user inactive for 10 minutes and redirect to the login.php
?>
I found this in stackoverflow
<script>
var timer = 0;
function set_interval() {
timer = setInterval("auto_logout()", 600000);
// set to 10 minutes
}
function reset_interval() {
//resets the timer. The timer is reset on each of the below events:
// 1. mousemove 2. mouseclick 3. key press 4. scroliing
//first step: clear the existing timer
if (timer != 0) {
clearInterval(timer);
timer = 0;
// second step: implement the timer again
timer = setInterval("auto_logout()", 600000);
// completed the reset of the timer
}
}
function auto_logout() {
// this function will redirect the user to the logout script
window.location = "logout.php";
}
</script>
and in the body tag
onLoad="set_interval();" onmousemove="reset_interval();" onclick="reset_interval();" onkeypress="reset_interval();" onscroll="reset_interval();"
You could set a php session timeout or hard code it in like this.
Add this to when a user is logged in.
$_SESSION['start_time'] = strtotime("now");
Add this where you want to check if they have elapsed 10 minutes.
if($_SESSION['start_time'] <= strtotime("-10 minutes"))
{
//Log them out.
}
If user is inactive for some specific duration, then it should autometically log out. So how I can do this using codeigniter?
OR
how to check whether user is active or not after login on that site?
// Add the following into your HEAD section
var timer = 0;
function set_interval() {
// the interval 'timer' is set as soon as the page loads
timer = setInterval("auto_logout()", 10000);
// the figure '10000' above indicates how many milliseconds the timer be set to.
// Eg: to set it to 5 mins, calculate 5min = 5x60 = 300 sec = 300,000 millisec.
// So set it to 300000
}
function reset_interval() {
//resets the timer. The timer is reset on each of the below events:
// 1. mousemove 2. mouseclick 3. key press 4. scroliing
//first step: clear the existing timer
if (timer != 0) {
clearInterval(timer);
timer = 0;
// second step: implement the timer again
timer = setInterval("auto_logout()", 10000);
// completed the reset of the timer
}
}
function auto_logout() {
// this function will redirect the user to the logout script
window.location = "your_logout_script.php";
}
// Add the following attributes into your BODY tag
onload="set_interval()"
onmousemove="reset_interval()"
onclick="reset_interval()"
onkeypress="reset_interval()"
onscroll="reset_interval()"
You can save the time that your user logged-in in a session or a cookie
Example: $this->session->set_userdata('time', time());
and use a javascriptjQuery function (Exp. $.getJSON('time.php', function (data) {alert(data.serverTime);});) or anything else to check the current time. Then, log your user out when needed.
However, next time, please place code or something else that shows your efforts.
<?php
$minutes=3;//Set logout time in minutes
if (!isset($_SESSION['time'])) {
$_SESSION['time'] = time();
} else if (time() – $_SESSION['time'] > $minutes*60) {
session_destroy();
header(‘location:login.php’);//redirect user to a login page or any page to which we want to redirect.
}
?>
... which was originally taken from skillrow.com/log-out-user-if-user-is-inactive-for-certain-time-php/ (now 404).
I want one session variable to be cleaned every 24 hours .I don't want to kill or unset all the sessions just one session to be unset every 24 hours a day.
When the session is 1st created on the client just give it a date:
if(!isset($_SESSION['date'])
$_SESSION['date'] = date('m_d_y');
Then whenever the page changes check that date:
if($_SESSION['date'] == date('m_d_y')){
//still today
}
else {
//destroy session
}
Or you could do it with timestamp and check based on the number of hours:
if(!isset($_SESSION['creationTime'])
$_SESSION['creationTime'] = time();
if (time() - $_SESSION['creationTime'] <= 60*60*24 ){
//still today
}
else {
//destroy session
}
try to set Cookie expired time into now() + 24 hours...
When you creating session, write to it timestamp. Then you are using seesion check the actually timestamp and of creating session, then if difference is grather than 86400, then drop session and create new one.
This solution prevent users from using sessions older than 24hours. You can apply other comparing algorithm to eg. prevent users from using session before 1AM of current day. Then will be work exaclly same when you will want erase session every 24hours in 1AM every day.
When create session (maybe when user login), declare session timeout:
session_start();
$_SESSION["timeout"] = time()+ (60*60*24);
Create backend function / page where jquery can call every 10 seconds / 5 seconds up to you (I save it as get_session.php):
session_start();
$session_life = time() - $_SESSION["timeout"];
$inactive = 0;
if($session_life > $inactive){
session_destroy();
echo 'Destroyed';
}
The jquery script run every 5 second (recommended at master page / template header / footer of the page):
<script type="text/javascript">
window.setInterval(function(){
sessionHeartBeat();
}, 5000);
function sessionHeartBeat(){
$.ajax({
url: 'get_session.php',
success: function(response){
console.log(response);
}
});
}
</script>
Assume that you are doing a banking application. If users are logged into your site, how to detect their inactivity and ask them to log out if they remain inactive for a period of time? Inactive here means they have either switch to other tabs, or not touching the browser application.
I guess think I can do this by registering every mouse movement or keyboard movement when users are doing on EVERY page of my application. But the code would be very ugly and hard to maintain. Is there other more elegant ways of doing this?
This is the code I use. It is not mine, but I did modify it to it's 'perfection'.
// Add the following into your HEAD section
var timer = 0;
function set_interval() {
// the interval 'timer' is set as soon as the page loads
timer = setInterval("auto_logout()", 10000);
// the figure '10000' above indicates how many milliseconds the timer be set to.
// Eg: to set it to 5 mins, calculate 5min = 5x60 = 300 sec = 300,000 millisec.
// So set it to 300000
}
function reset_interval() {
//resets the timer. The timer is reset on each of the below events:
// 1. mousemove 2. mouseclick 3. key press 4. scroliing
//first step: clear the existing timer
if (timer != 0) {
clearInterval(timer);
timer = 0;
// second step: implement the timer again
timer = setInterval("auto_logout()", 10000);
// completed the reset of the timer
}
}
function auto_logout() {
// this function will redirect the user to the logout script
window.location = "your_logout_script.php";
}
// Add the following attributes into your BODY tag
onload="set_interval()"
onmousemove="reset_interval()"
onclick="reset_interval()"
onkeypress="reset_interval()"
onscroll="reset_interval()"
Good luck.
If the user is requesting new pages/data from your server on a regular basis, then adjusting the session timeout in PHP should work for this (assuming you are using PHP sessions).
If the concern is that they could be sitting on one page for a good length of time with no trips to the server (e.g. filling out a long form), and you want to distinguish between this and the user simply switching to another window, you could do something like use javascript to request some data using XMLHTTPRequest every five minutes or so to keep the session alive. You could use the window.focus and window.onblur events in javascript to stop and restart this mechanism (I think there are some differences for IE, there is a good explanation here).
A very easy and effective way of doing this is by placing something like this in your HTML HEAD section:
<META HTTP-EQUIV="refresh" CONTENT="1800;URL=logout.php?timeout">
Replace the logout.php?timeout with the appropriate script .. In the example above, if ?timeout is in the query string, I show them a login page with information indicating that they've been logged out due to inactivity.
Replace 1800 with the time in seconds that you wish to allow them to stay inactive before automatically logging them out. Set this to the same time that you have your session expiration set to.
Edit - Another easy mechanism to implement is to have a session variable called last_time, or last_activity, or something along those lines, and set it to a timestamp everytime there is activity. In most of my stuff, I have a general include file that I do this in. In the same file, you could check to ensure that it's within the constraints that you've set forth for an active session. If it's been too long -- just do a 300 redirect to the logout page and display the appropriate inactivity message there.
Good luck!
Ian
We can improve our codes to jquery now
idleTime = 0;
$(document).ready(function() {
var idleInterval = setInterval("timerIncrement()", 60000); // 1 minute //60000
$(this).mousemove(function(e) {
idleTime = 0;
});
$(this).keypress(function(e) {
idleTime = 0;
});
});
function timerIncrement() {
idleTime = idleTime + 1;
if (idleTime >= 5) {
window.location = $('#base_url').val() + 'home/logout_user';
}
}
You can do it more elegantly with underscore and jquery javascript libraries-
$('body').on("click mousemove keyup", _.debounce(function(){
// logout user here
}, 1800000)) // 30 minutes inactivity
It depends how they are "logged in" in the first place. Doesn't the session expiration on the server do this for you? If you really want to do it manually then you could use some javascript in a setTimeout, but thats ugly
Usually the session lifetime is used to determine whether a user is logged in or not. So you could set a flag in the session that represents this state. And if it’s missing (either the user didn’t log in yet or the session timed out), he is considered as not logged in.
You can have a bit of javascript that checks the server every x minutes to see when the user's last activity was. Shouldn't be more than a few lines of code. I would also add a meta refresh if the user has javascript disabled.
I took the timestamp 'now' and check on each click if the delay is less than 3000 seconds or more than billions of seconds, which means that the user just logged in, if it's not it will redirect to logout
var time = 0;
$(document).on('click', function() {
var now = Date.now() / 1000 | 0;
if (now - time < 3000 || now - time > 1480000000) {
time = now;
} else {
window.location.replace("http://url");
}
})
put in header of your java script page.. if you want to avoid the backend calls
Below is the snip-let under script tag :
<script>
var idleTime = 0;
function func(){
console.log(idleTime);
$(this).keypress(function(e) {
idleTime = 0;
});
$(this).click(function(e) {
idleTime = 0;
});
timerIncrement();
}
function timerIncrement() {
console.log("timerIncrement");
console.log(idleTime);
idleTime = idleTime + 1;
if (idleTime >= 1) {
console.log(window.location);
logoutcall(); //API call
window.location = window.location.origin+"/riskoffice_UI/Login";
}
}
setInterval(func,1800000) //Runs the "func" function every second
</script>
Update : localStorage can be use to keep idle time for the application with multiple tabs are opened.
// Check browser support
if (typeof(Storage) !== "undefined") {
// Store an item to localStorage
localStorage.setItem("timeIdle", "0");
console.log(localStorage.getItem("idleTime"));
// Retrieve the added item
} else {
//display this message if browser does not support localStorage
console.log("Sorry, your browser does not support Web Storage.");
}
function func(){
$(this).keypress(function(e) {
localStorage.setItem("timeIdle", "0");
});
$(this).click(function(e) {
localStorage.setItem("timeIdle", "0");
});
timerIncrement();
}
function timerIncrement() {
var timeIdle = localStorage.getItem("timeIdle");
timeIdle = parseInt(timeIdle) + 1;
if (timeIdle >= 1) {
logoutCall();
window.location = window.location.origin+"/riskoffice-ui/Login";
}
localStorage.setItem("timeIdle", timeIdle.toString());
}
setInterval(func,1800000); //Runs the "func" function every second