Automatic Logout Session

Script timer Session, Automatic Log Out

Many things happen if someone has managed to login as a user, and of course this is when the user login will utilize the services of a website, not because of other reasons, such as poor levels of security. There is always an idle period. Idle here means users do not do anything at all on the website, did not move a page, do not enter any input on the form, and nothing cause a web page refresh, in other words a user does not do anything on the website through which he was visiting. 

 

It's a strange user. But things like this can happen if the user moves to other tabs to visit other websites, and forget the websites that he was visited before. Obviously the situation on the website a user visited previously regarded as an idle condition by the website. No matter whatever happens in the previous website. Or other conditions, where a user who has 10 minutes left the PC and forget to logout his account. This is where the session timer function is really needed.
 

There are two ways to set the session time, the first is to change the session timeout in the php.ini configuration, the last way is by utilizing time() function and session variables that have been registered, in other words, this latter way is to design a line of code that can set time session. This article does not explain the first way. Here will be explained the second. Let’s take an example :
 

"When the user has successfully logged in, there will be a session that is used as a benchmark to compare how long the user has run on these pages. If the time() function which runs larger than the value of the session variable that will be used as a benchmark then the user will be logout automatically."
In structure, the algorithm will be like this:

1. Provide a variable x, contains the current time plus 30 seconds.
2. Make variable x such as session, which will bypass the value on every page, in other words, the contents of the variable x can be displayed on any page.
3. Compare the present with the value of the variable x is.
4. If the time is now smaller than the value of the variable x, then the user is still in a state of login.
5. If the time is now greater than the value of the variable x, then the state of the user is logged off.
6. If the user refreshes the page, move the page, fill out the form, before the session time runs out then login time will be added 10 minutes in the next.

For the algorithm above will use 2 function, the login_validate() and login_check () functions.
 

Simply prepare the necessary script:
 

index.php file:

<?php
require_once “functions.php”;
if (( $_POST['username'] == ‘admin’ ) && ( $_POST['password'] == ‘admin’))
{
$_SESSION['user'] = $_POST['username'];
login_validate();
header(“location: admin.php”);
}
else if ( empty($_POST['username']) && empty($_POST['password']) )
{
header(“location: login.php”);
}
?>

functions.php:

<?php
session_start();
function login_validate() {
    $timeout = 30;
    $_SESSION["expires_by"] = time() + $timeout;
}
function login_check() {
    $exp_time = $_SESSION["expires_by"];
    if (time() < $exp_time) {
        login_validate();
        return true;
    } else {
        unset($_SESSION["expires_by"]);
        return false;
    }
}
?>

Then admin.php, this line of code in admin.php is the condition of the admins who have been successfully logged. If more than 30 seconds, then the user will automatically be logged off. The value of 30 seconds was taken from the $timeout variable in functions.php.
 

admin.php file:

<?
require_once “functions.php”;
if (ISSET($_SESSION['user']))
{
    if (!login_check()) {
        header(“Location: logout.php”);
        exit(0);
        }
    else {
        echo “If user do nothing, will be automatically logout“;
        }   
}
else
{
    echo “You can do nothing..”;
}
?>

Furthermore, the user login page, login.php:

<html>
<head><title>User Login Page</title></head>
<body>
<form action=index.php method=POST>
<table border=0 bcolor=#DFDFDF><tr><td>username</td><td><input type=text name=username></td></tr>
<tr><td>password</td><td><input type=password name=password></td></tr>
<tr><td></td><td><input type=submit name=submit value=submit></td></tr>
</table>
</form>
</body>
</html>

Seen clearly in line 4 above, the login page has an action page, toward index.php, which then gives 2 POST variable, $_POST ['username'] and $_POST ['password']. Both variables will be checked on the index.php page.
 

And the last is logout.php:

<?php
require_once “functions.php”;
unset($_SESSION['user']);
session_destroy();
header(“location: login.php”);
?>

The workings of the source code above is quite simple, see index.php code,

……
if (( $_POST['username'] == ‘admin’ ) && ( $_POST['password'] == ‘admin’))
{
$_SESSION['user'] = $_POST['username'];
login_validate();
header(“location: admin.php”);
}
else if ( empty($_POST['username']) && empty($_POST['password']) )
{
header(“location: login.php”);
}
…...

The explanation is as follows, If a user entering a username and password that matches (in this case a username and password is admin) then the user will be given a session variable, $_SESSION ['user'], and will add a new variable that later on this variable serves as a timer, namely

$timeout = 30;

These variables are in login_validate() function in functions.php script. While still in login_validate functions, jump to the line of code under it namely:

$_SESSION ["expires_by"] = time() + $timeout;

Therein lies the real timer, the greatness of the session is to make passing even though home values are different. Clearly $_SESSION ["expires_by"] take the value from the time when the user first logs the time() plus 30 seconds ahead, namely the contents of the variable $timeout.
 

Well, from there, let’s look in functions.php:

…
function login_check() {
    $exp_time = $_SESSION["expires_by"];
    if (time() < $exp_time) {
        login_validate();
        return true;
    } else {
        unset($_SESSION["expires_by"]);
        return false;
    }
}
….

Look the line:

$exp_time = $ _SESSION ["expires_by"];

Varibale $exp_time has a value of $_SESSION ["expires_by"],
If the user logged on time at 5, then $_SESSION ["expires_by"] contains the clock to 5, minutes to 0, and seconds to 30. And naturally no matter whose name is known that the time will surely continue to grow of course. But because it is in function, the variable $_SESSION ["expires_by"] is not going to increase, although the time() increases.
 

Jump to the next line:

    if (time () < $exp_time) {
        login_validate ();
        return true;

In the simple line is, if the time is now running a smaller value than the existing value of $_SESSION ["expires_by"], then add 30 seconds more, and if the time on time() equal to the value $_SESSION ["expires_by"] then the user will automatically logout
Next ...

...
else {
        unset ($_SESSION ["expires_by"]);
        return false;
    }
...

If the time is now running it's bigger than the existing value of $_SESSION ["expires_by"], then do logout.