In today’s fast-paced digital landscape, user security and data privacy are paramount concerns. One crucial aspect is managing user sessions effectively. To address this, we delve into the concept of automatic logout for inactive users on a website using PHP. This proactive measure not only enhances security but also ensures that resources are utilized efficiently. Join us as we explore the steps to implement this essential feature and bolster the overall user experience.
Requirement is that when a user login in the site and he/she inactive in the site more than 5 minutes then user will logout from the site.
In the login.php file :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | <?php session_start(); include("dbconfig.php"); if(isset($_POST)) { $current_time =time(); $current_date=date("d-m-Y"); extract($_POST); $query ="select * from users where user_email='".$textfield."' and user_pword='".$textfield2."' and user_status='1' "; $rs_user= mysql_query($query); $no_rows = mysql_num_rows($rs_user); if($no_rows > 0){ while($resGetAdmin = mysql_fetch_assoc($rs_user)){ $selQuery="select * from login where user_id=".$resGetAdmin['user_id'] ." AND loginDate ='$current_date'"; $rgetData= mysql_query($selQuery); $num_login = getSqlNumber($selQuery); if($num_login==0) { $insQuery= "insert into login (user_id,loginTime,loginDate,count) values (".$resGetAdmin['user_id'].",'$current_time','$current_date',1)"; $login_user= mysql_query($insQuery); $insert_id=mysql_insert_id(); $_SESSION['loginTime']=$current_time; }else{ $count = mysql_result($rgetData,0,’count’); $count = $count+1; $updateQuery= "update login set loginTime='$current_time' ,loginDate='$current_date' , count ='$count' where user_id=".$resGetAdmin['user_id'] ." AND loginDate='$current_date'"; $login_user= mysql_query($updateQuery) or mysql_error(); $_SESSION['loginTime']=$current_time; } $_SESSION['user_id']=$resGetAdmin['user_id']; header("Location: secure.html"); exit; } } else { header('Location:'.$currentUrl); exit; } } ?> |
Include the file
In the Remaining pages which are in the secure pages of site append the below code:
1 | <?php include("timeout.php"); //added; contains timeout info ?> |
The timeout.php code is below:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | <?php session_start(); $timeout_length = 300; $current_time =time(); $current_date=date('d-m-Y'); if ($current_time – $_SESSION['loginTime'] > $timeout_length) { session_unregister(user_id); header("Location:redirect.html"); exit; } else { $_SESSION['loginTime'] = $current_time; $updateQuery= "update login set loginTime='".$_SESSION['loginTime']."', loginDate='$current_date' where user_id=".$_SESSION['user_id']." AND loginDate='$current_date'"; $login_user= mysql_query($updateQuery) or mysql_error(); } ?> |
The Database table for login table:
1 2 3 4 5 6 7 8 |
Incorporating an automatic logout feature for inactive users is a wise decision for any web application. It not only safeguards sensitive user data but also optimizes server resources. Through this article, we’ve provided you with a step-by-step guide on how to achieve this using PHP. By implementing these techniques, you can enhance the security of your website, improve user experience, and demonstrate your commitment to safeguarding user privacy in today’s interconnected digital world.
3 Comments
xRommelx · February 19, 2010 at 5:36 am
very useful
Sanjib Jena · September 17, 2010 at 1:15 pm
Good script, But is it possible to do the same without using Database
Thanks
Ronald M. · February 20, 2012 at 5:53 am
im a newbie in PHP.
is it possible to do the same without using Database
which i can only add – – on each secured page
thanks,