In today’s fast-paced digital landscape, user security and data privacy are paramount concerns. One crucial aspect is managing user sessions effectively. To address this, we delve into the concept of automatic logout for inactive users on a website using PHP. This proactive measure not only enhances security but also ensures that resources are utilized efficiently. Join us as we explore the steps to implement this essential feature and bolster the overall user experience.

The requirement: when a user logs in to the site and stays inactive for more than 5 minutes, the user is logged out of the site.

In the login.php file:

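<?php
session_start();
include("dbconfig.php"); // assumption: dbconfig.php opens a mysqli connection in $conn
                         // (the mysql_* functions were removed in PHP 7)

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $current_time = time();
    $current_date = date("d-m-Y");

    // Read only the expected fields; extract($_POST) lets the client overwrite any variable.
    $email    = isset($_POST['textfield'])  ? $_POST['textfield']  : '';
    $password = isset($_POST['textfield2']) ? $_POST['textfield2'] : '';

    // Prepared statement: user input is never concatenated into the SQL text.
    $stmt = $conn->prepare("SELECT user_id, user_pword FROM users WHERE user_email = ? AND user_status = '1'");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($user_id, $stored_hash);
    $found = $stmt->fetch();
    $stmt->close();

    // Assumption: user_pword holds a password_hash() value, not the plain-text password.
    if ($found && password_verify($password, $stored_hash)) {
        // Is there already a login row for this user today?
        $stmt = $conn->prepare("SELECT `count` FROM login WHERE user_id = ? AND loginDate = ?");
        $stmt->bind_param("is", $user_id, $current_date);
        $stmt->execute();
        $stmt->bind_result($count);
        $has_row = $stmt->fetch();
        $stmt->close();

        if (!$has_row) {
            // First login today: create the row.
            $stmt = $conn->prepare("INSERT INTO login (user_id, loginTime, loginDate, `count`) VALUES (?, ?, ?, 1)");
            $stmt->bind_param("iis", $user_id, $current_time, $current_date);
        } else {
            // Later login today: refresh the time and bump the counter.
            $count = $count + 1;
            $stmt = $conn->prepare("UPDATE login SET loginTime = ?, `count` = ? WHERE user_id = ? AND loginDate = ?");
            $stmt->bind_param("iiis", $current_time, $count, $user_id, $current_date);
        }
        $stmt->execute();
        $stmt->close();

        session_regenerate_id(true); // new session ID after login (prevents session fixation)
        $_SESSION['loginTime'] = $current_time;
        $_SESSION['user_id']   = $user_id;
        header("Location: secure.html");
        exit;
    } else {
        header("Location: login.php"); // failed login: back to the login form
        exit;
    }
}
?>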

 

Include the file

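On each of the remaining secure pages of the site, add the code below. It must run before the page sends any output, because timeout.php starts the session and may send a redirect header: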

 <?php include("timeout.php"); //added; contains timeout info ?>

 

The timeout.php code is below:

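<?php
session_start();
include_once("dbconfig.php"); // assumption: dbconfig.php opens a mysqli connection in $conn

$timeout_length = 300; // 5 minutes, in seconds
$current_time = time();
$current_date = date('d-m-Y');

// Not logged in, or idle for longer than the limit: end the session.
if (!isset($_SESSION['user_id'], $_SESSION['loginTime'])
    || $current_time - $_SESSION['loginTime'] > $timeout_length) {
    $_SESSION = array();   // session_unregister() was removed in PHP 5.4
    session_destroy();
    header("Location: redirect.html");
    exit;
} else {
    // Activity seen: restart the idle clock and record it in the login table.
    $_SESSION['loginTime'] = $current_time;
    $user_id = (int) $_SESSION['user_id'];
    $stmt = $conn->prepare("UPDATE login SET loginTime = ? WHERE user_id = ? AND loginDate = ?");
    $stmt->bind_param("iis", $current_time, $user_id, $current_date);
    $stmt->execute();
    $stmt->close();
}
?>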

 

The database schema for the login table:

CREATE TABLE IF NOT EXISTS `login` (
    `login_id` int(11) NOT NULL auto_increment,
    `user_id` int(11) NOT NULL,
    `loginTime` varchar(255) NOT NULL,
    `loginDate` varchar(255) NOT NULL,
    `count` int(11) NOT NULL,
    PRIMARY KEY (`login_id`)
);
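
A variant of timeout.php that keeps the idle clock in the session only, so the timeout decision needs no database table. This is an added example, not the article's own code: the names IDLE_LIMIT, is_session_active() and end_session() are made up for illustration, while the session keys user_id and loginTime, the 300-second limit and redirect.html come from the code above. The check is a separate function so it can be exercised on constructed session arrays from the command line.

```php
<?php
const IDLE_LIMIT = 300; // seconds; the article's 5-minute limit

// Decide from session data alone whether the session is still live.
// A missing, non-integer or future loginTime is treated as expired (fail closed).
function is_session_active(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['user_id'], $session['loginTime'])) {
        return false;                       // never logged in
    }
    if (!is_int($session['loginTime'])) {
        return false;                       // unexpected type
    }
    $idle = $now - $session['loginTime'];
    return $idle >= 0 && $idle <= $limit;
}

// Remove the server-side session data and the browser's session cookie.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample sessions, evaluated at a fixed "now".
    $now = 1700000000;
    var_dump(is_session_active(['user_id' => 7, 'loginTime' => $now - 120], $now)); // recent activity
    var_dump(is_session_active(['user_id' => 7, 'loginTime' => $now - 301], $now)); // idle too long
    var_dump(is_session_active(['loginTime' => $now], $now));                       // no user_id
} else {
    session_start();
    if (!is_session_active($_SESSION, time())) {
        end_session();
        header('Location: redirect.html');
        exit;
    }
    $_SESSION['loginTime'] = time();        // activity seen: restart the idle clock
}
```

The timeout is enforced on the next request after the limit has passed; an idle browser tab is not redirected until it asks the server for something.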

Incorporating an automatic logout feature for inactive users is a wise decision for any web application. It not only safeguards sensitive user data but also optimizes server resources. Through this article, we’ve provided you with a step-by-step guide on how to achieve this using PHP. By implementing these techniques, you can enhance the security of your website, improve user experience, and demonstrate your commitment to safeguarding user privacy in today’s interconnected digital world.


3 Comments

xRommelx · February 19, 2010 at 5:36 am

very useful

Sanjib Jena · September 17, 2010 at 1:15 pm

Good script, but is it possible to do the same without using a database?

Thanks

Ronald M. · February 20, 2012 at 5:53 am

I'm a newbie in PHP.
Is it possible to do the same without using a database,
which I can only add – – on each secured page?

thanks,
