i want php session to be expired if there is no activity on the page for more than 10 to 20 minutes. Or user is not available for more than 20 min.Say we are taking an example of login, user logged in and after 20 min if there is no activity , it should expire the session and redirect to login page again.

i want php session to be expired if there is no activity on the page for more than 10 to 20 minutes. Or user is not available for more than 20 min.Say we are taking an example of login, user logged in and after 20 min if there is no activity , it should expire the session and redirect to login page again.

• javascript
• php
• ajax
• session

• Related: stackoverflow./questions/520237/… – Dave Chen Commented Mar 24, 2014 at 6:04
• This may helps you stackoverflow./questions/9124560/… – Vinod VT Commented Mar 24, 2014 at 6:06
• what if the user is still active after 30 mins. – user2926947 Commented Mar 24, 2014 at 6:11
• Then they will have to relogin based on your conditions. If they idle on the page (unless you specifically use javascript to occasional ping the server) their session will expire in the allotted time given. – Dave Chen Commented Mar 24, 2014 at 6:15
• here is a detailed answer you can find stackoverflow./questions/520237/… – Vignesh Commented Mar 24, 2014 at 6:18

5 Answers 5

Use Jquery

html or php page :

<body id="homepage" onload="set_interval()" onmousemove="reset_interval()" onclick="reset_interval()" onkeypress="reset_interval()" onscroll="reset_interval()">

jquery

//user login sessions
var timer = 0;
function set_interval() {
  // the interval 'timer' is set as soon as the page loads
  timer = setInterval("auto_logout()", 300000);
  // the figure '10000' above indicates how many milliseconds the timer be set to.
  // Eg: to set it to 5 mins, calculate 5min = 5x60 = 300 sec = 300,000 millisec.
  // So set it to 300000
}
function reset_interval() {
  //resets the timer. The timer is reset on each of the below events:
  // 1. mousemove   2. mouseclick   3. key press 4. scroliing
  //first step: clear the existing timer
  if (timer != 0) {
   clearInterval(timer);
   timer = 0;
   // second step: implement the timer again
   timer = setInterval("auto_logout()", 300000);
   // pleted the reset of the timer
  }
}
function auto_logout() {
  // this function will redirect the user to the logout script
  **window.location = "index.php?opt=Logout";**
}

LOGOUT page

if(@$_REQUEST['opt']=='Logout')
    {
        unset($_SESSION['uid']);
        unset($_SESSION['username']);

    }

The Client-side solution:

Your page:

<script type="text/JavaScript">
    var idleRefresh;
    idleRefresh = setTimeout("location.href = 'unset.php';",30000);
    windows.onmousemove = function() {
        clearTimeOut(idleRefresh);
        idleRefresh = setTimeout("location.href = 'unset.php';",30000);
    };
</script>

unset.php: (Unset all session variables / specific login variables, and redirect user to login page)

<?php
    session_unset();
    header('Location: login.php');
?>

Store the last request made time in session

<?php
  $_SESSION['timeout'] = time();
?>

In every request happening, check how long ago they made their previous request (10 minutes in this example)

<?php
  if ($_SESSION['timeout'] + 10 * 60 < time()) {
     // destroy session & logout
  } else {
     $_SESSION['timeout'] = time();
  }
?>

I would have added this add a ment to Arun's jquery solution, but don't have 50 reputation yet. I had to make some modifications to his code to get it working, for example, this:

timer = setInterval("auto_logout()", 300000);

Needs to be changed to this:

timer = setInterval( function(){ auto_logout() }, 300000);

I have included the fully revised code below:

HTML:

<body onload="setTimer()" onmousemove="resetTimer()" onclick="resetTimer()" onkeypress="resetTimer()" onscroll="resetTimer()">

And Javascript is:

// Variables: timer, timeout  
var t, to = 10000;

// Setup the timer
function setTimer() {
    t = setInterval( function(){
        logout()
    }, to);
}

// Reset the timer
function resetTimer() {             
    if (t > 0) {
        clearInterval(t);
        setTimer();
    }
}

// Logs user out
function logout() {
    window.location = "login.php";
}

As Arun has mentioned, change timeout (to) to whatever you need. In the above example I have it set to 10000, which is only 10 seconds.

Hope this helps - and thanks again for Arun for posting the original code.

// JQUERY SCRIPT;

var reset = 60000;
var timer = reset;

$('body').on('click keyup mousemove', function(){
    timer=reset;
});

// COUNTDOWN FUNCTION 'ct' SHOW THE TIMING ON YOUR SIGNOUT BUTTON AND 
// WILL REDIRECT TO LOGOUT ACTION AFTER THE REACH SET TIMEOUT;
function ct(){
    $('#so').text(timer/1000+' Sec. SIGN OUT');
    timer=timer-1000;
    if(timer==0){
        window.location = 'logout.php';
    }
}

// EXECUTE 'ct' FUNCTION AFTER EVERY 1 SEC.
setInterval('ct()', 1000);

/* CSS CODE OF SIGNOUT BUTTON */
#so{
  background-color: tomato;
  padding:8px 20px;
  color:#fff;
  border-radius: 4px;
  text-decoration: none;
}
h3, #so{font-family: Segoe UI;}

<!-- LIBRARY -->
<script src="https://cdnjs.cloudflare./ajax/libs/jquery/3.3.1/jquery.min.js"></script>


<!-- HTML CODE -->
<a href="logout.php" id="so">SIGN OUT</a>
<h3>RESET TIMER WITH - MOVE CURSOR, KEY UP &amp; CLICK<h3>