I want to implement a basic login system in some PHP app where no cookies will be involved. I mean, the user closes the browser and the login expires, it will remain active during the browser session (or if the user explicitly logs out) otherwise.
I want to log all this activity and I’m thinking that every time the user refreshes the page, opens a different link or logs out, I record that time as the last access made by that user, overwriting the previous access log.
But my problem is when and how should I insert another record into the database instead of overwriting the last one?
Should I just define a timeout and if the last access was made above that timeout, another log should be inserted into the database? Should the session expire too after that timeout?
Or is there a better way?
Ideally, I would like to log the “log out action” when the browser was closed, but I don’t think there’s a way to detect that, is there?
Suggestions?
Revising my answer here a bit because you already mentioned the server side timeout…
The only thing you can do client side is to use the onbeforeunload event to call the logout page (if the user did not click a link in the document).
Unfortunately, the browser back, forward, and refresh buttons will cause a logout…
To get around that, have your logout.php (auto logout page) sleep for 20-30 seconds and then check to see if the last impression was under 30-45 seconds ago before logging them out…
Just add this to script tags in the head of your document and change the ‘logout.php’ to whatever you want… * You may also need to edit the window.onload function to correctly add the onclick handlers if you use something other than links to navigate…
Essentially this just attaches an onclick event to all document.links and changes the ‘dologout’ flag to false if a document link was clicked…
If the dologout flag is true when the onbeforeunload event fires, it sends a post to the ‘logouturl’ / ‘logout.php’ …
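One way to implement the flag logic described in this answer, as an added example that is not the answerer's original script. The function name `installAutoLogout`, the `state` object and the use of `navigator.sendBeacon` to send the POST are assumptions; `logout.php` is the placeholder URL from the answer.

```javascript
// Added example: client-side "logout on unload" hint.
// installAutoLogout and state are hypothetical names, not from the original answer.
function installAutoLogout(win, doc, logoutUrl) {
  // true until the user clicks a link inside the document
  const state = { dologout: true };

  // A click on any document link means in-site navigation, so the
  // unload that follows must not trigger a logout.
  const markNavigation = () => { state.dologout = false; };
  for (const link of Array.from(doc.links)) {
    link.addEventListener('click', markNavigation);
  }

  win.addEventListener('beforeunload', () => {
    if (!state.dologout) return;
    // sendBeacon queues a POST that the browser delivers even while the
    // page is being torn down. Back, forward and refresh also reach this
    // point, which is why the server-side page has to wait and compare
    // against the last recorded access before ending the session.
    const nav = win.navigator;
    if (nav && typeof nav.sendBeacon === 'function') {
      nav.sendBeacon(logoutUrl);
    }
  });

  return state;
}

// In a browser, attach the handlers once the document has loaded.
if (typeof window !== 'undefined') {
  window.addEventListener('load', () => {
    installAutoLogout(window, document, 'logout.php');
  });
}
```

The beforeunload event is not guaranteed to fire (browser crash, killed tab, some mobile browsers), so the server-side timeout still decides when a session actually ends.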