I am working on a website hwere i need to introduce security for reasons, my website automatically signs users out after 10 minutes of inactivity. The behavior is, at about 8 minutes of inactivity, a jquery ui dialog pops up, warning the user of their impending timeout. The user can choose to stay signed in, sign out now, or do nothing and they are forced to sign out at the end of the 10 minutes. I achieve this through a javascript code snippet that timeouts (no mouse/keyboard event) and reset any time the user does what I consider an “activity”.
My problem is i can make this thing run for my single webpage but have no clue how to use this for complete domain. I have thought of cookies to achieve this feat as well but not very sure. If someone can suggest me what approaches i shall follow for my task, it will be great possi. bly with code example
Get this timeout script running on my complete domain rather than a single webpage. Possibly using cookies or something else.
I would recommend against javascript and create a complete PHP solution.
This can be achieved simply by giving a user a cookie that expires after 10 minutes on each PHP page. That way, the cookie is renewed with each visit, and if they come back after that ten minutes, the cookie is gone and the system will no longer recognize them.
I would also suggest against sessions, they can get messy easily, and if you want to expand to multiple machines to load balance, it becomes almost impossible to manage. It’s not a realistic production tool.
Call this every page – This will check if they already have a cookie, if they do, it will renew it with the same value for ten minutes (60 seconds times ten minutes). You can change the cookie name of ‘user’ to whatever you want.
To authorize a user in the first place, most likely when they login, you can do this:
And if you want to log someone out, you can do this:
Best of luck!