How to remove a user due to inactivity?

Question

How to remove a user due to inactivity?

Asked 6 years, 11 months ago

Viewed 732 times

-1

I wanted to know how to remove a user when it becomes inactive on the page, for example in Phpmyadmin, which removes the user after 24 minutes of inactivity?

If the first part is too difficult to explain could you at least tell if this is the correct code to remove the inactive user? Do you have security holes? Are there possible improvements? Possible problems?

<?php
if ( isset($_SESSION['ultimoClick']) && !empty($_SESSION['ultimoClick']) ) {

$tempoAtual = time();

if ( ($tempoAtual - $_SESSION['ultimoClick']) > '900' ) {
session_unset($_SESSION['ultimoClick']);
$_SESSION = array();
session_destroy();
header("Location:logout.php");
exit();

}else{

$_SESSION['ultimoClick'] = time();

}

}else{

$_SESSION['ultimoClick'] = time();

}
?>

1 answer

Browser other questions tagged php session code-review

You are not signed in. Login or sign up in order to post.

by Ivónio • 70 points · Answer 1 · 2017-07-19T15:27:35+00:00

Your code will destroy the session after 15 minutes. Although the difference isn’t much, I’d do something like this:

<?php
    session_start();

    // 10 minutos em segundos
    $inactive = 600; 

    $session_life = time() - $_session['timeout'];

    if($session_life > $inactive)
    {  session_destroy(); header("Location: logout.php");     }

    S_session['timeout'] = time();
?>