Clear session after 15 minutes of user inactivity using php

by  
Share:
Clear session after 15 minutes of user inactivity using php

If your website/ online application have user login system, session check is an integral part of the coding logic. If user is logged in an admin panel, or any other restricted area only for privileged user you must perform user inactivity check which will help reducing security risk if user forgets to logout. In this tutorial I will explain how to clear session after 15 minutes of user inactivity using PHP.

View Demo

Scenario check before going through the tutorial

Before rushing into things let’s first get a scenario check on what we are going to do.

  • User logs into admin panel and a new session is created for him.
  • User can logs out via clicking logout link.
  • If user does not interact with the application for 15 minutes, the application logs him out automatically.

Logic behind checking user inactivity and clearing session

Moving on, we have to first make a login system where user can logs in via user name and password. You can learn about creating secure login system with PHP and Mysql here. In your login check page you have to set two session variables.

<?php
if (valid user) { 
// in your login check set this two session variables 
$_SESSION["username"] = "your user name";
$_SESSION['last_login_timestamp'] = time();
}
?>

Now include this code in every page that is only accessed by privileged user except the logout page. Including this code in logout page will stop this script to work in our desired way.
<?php
if (isset($_SESSION["username"])) {
  // only if user is logged in perform this check
  if ((time() - $_SESSION['last_login_timestamp']) > 900) {
    header("location:logout.php");
    exit;
  } else {
    $_SESSION['last_login_timestamp'] = time();
  }
}
?>

You logout page must be like this. It will destroy all data and redirect the user back to index page.
<?php
session_start();
unset($_SESSION);
session_destroy();
header("location:index.php");
?>

View Demo
Share to download the Source Codes for FREE!
We're glad to give free downloads, but we need your love to carry on making that.
Please support us by sharing the page.

Get the latest updates directly in your inbox for FREE: Subscribe here

Share your feedback / let me know your doubts regarding this tutorial in the comment box given below.

Share:
Hasan

Shahrukh Khan (Hasan)

A software engineer who's a die-hard coder, blogger, dreamer and mentor with years of expertise in web development. Know more...

Related Posts

Jagdish dhakad on

Dear sir,
I want to take more uses of your tutorial site.
Thanks

Reply
Shashwat shagun on

Great tutorial! Can I be your Facebook friend??

Reply
Shahrukh Khan on

Sure

Reply
Christain on

great tutorial, but when i dnowload the zip and extract in www, wamp server after i wait 10 seconds and do refresh i still in home.php, can i forgot something?

Reply
Shahrukh Khan on

try to extract as a folder

Reply
Dennis Chibueze on

Hello Mr Khan,
can you teach me how to display the username and profile picture on the login page if the he or she is logout with the time of not been active. Please I need a tutorial on this.

Reply
Shahrukh Khan on

Hi, you need to store that info in the cookie.

Reply
Krunal on

Hello,

I can’t Understand this login
if ((time() – $_SESSION[‘last_login_timestamp’]) > 5) {

}

meanse what do you meanse of 5?

Reply
Shahrukh Khan on

5 is number of seconds of inactivity or idle state. refer php time function documentation for more info

Reply
Mohammad on

IF we need it more than 15 minutes what shall we do ?

Reply
Shahrukh Khan on

tn this line
if ((time() - $_SESSION['last_login_timestamp']) > 5) {
replace 5 with what ever seconds you want. for example you want 30 mins then 30 * 60 = 1800

Reply
shubham on

your code is not work in my website

Reply
Nilesh on

My code does not working

Reply
Rohit on

Auto logout code working but in both condition if user i active or not why,means it doesnt understand user active or not but he automatically logout on given time pf interval help me

Reply
Shahrukh Khan on

Can you please clarify again

Reply
saima on

This is sort of force logout after a specific time(e.g 20 mins the session is set) . How to track the inactivity of the session? means the system should log out if a user is not doing anything on the site or its idle, then it should logout or else it must not if the user is still working.

Reply
Hasan on

Hey Saima!
When user access any page, the time is set in session. If there is no activity for the given time, the last set time is check against the code.

Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.