Jump to content

Implementing timeout for User session inactivty in PHP with background ajax call

pkrish

By pkrish
in PHP Coding Help

 Share

Recommended Posts

pkrish Newbie

pkrish

Posted
Posted

Hello All,

 

I have a PHP web application which will refresh itself(ajax calls connecting to the server and get the latest data) periodically. These also update the Database-based session handler class. i.e. There is NO UPDATE to the session data but the timestamp is constantly updated.

 

 

Our problem is that garbage collection does not kick in as it looks at the difference between timestamp and session_gc.maxlifetime. So, if  and the user is not interacting with the application.

 

Now my question is how can I force the timeout even though refreshing happens but the user is not interacting with the application and there are "phantom" session updates made by these ajax calls.

 

Please let me know. Thanks.

 

Psycho Prolific Member

Psycho

Posted
Posted

Not quite sure what you are after when you say

. . . how can I force the timeout even though refreshing happens but the user is not interacting with the application and there are "phantom" session updates made by these ajax calls

 

Are you saying you want to terminate the session if the user leaves the browser window open? That's the only thing that makes sense since there could not be any ajax calls if the browser was closed.

 

So, to rephrase, the user is in the application and then decides to leave the browser open and you want to time-out the page or something similar. There are some different solutions I can think of, but I think the one that makes the most sense is as follows:

 

Simply create a a"last activity" process that updated a timestamp for the user record whenever the USER performs an action that you determine should update that value (i.e. not an automated AJAX call). Then, when the automated AJAX call is performed you can check the user's last activity timestamp. If less than the timeout period you specify then go ahead and process normally. If greater than the timeout period do not perform the action and send a response back to the client so the JavaScript can stop the automated process and provide a message to the user.

kicken Prolific Member

kicken

Posted
Posted

Since your already doing your ping in ajax, I'd say a relatively simple solution would be to just have a long timeout that will make an ajax call to a page which will destroy the session (say the logout page for instance).

 

setTimeout(function(){
   //ajax call to logout page
}, 600000); //in 10 minutes

 

Then if they are inactive for 10 minutes it will log them out.  If they actually do something such as click a link that causes a page reload it'll cancel that 10 minute timer and not affect them.

 

pkrish Newbie

pkrish

Posted
  • Author
Posted

Not quite sure what you are after when you say

. . . how can I force the timeout even though refreshing happens but the user is not interacting with the application and there are "phantom" session updates made by these ajax calls

 

Are you saying you want to terminate the session if the user leaves the browser window open? That's the only thing that makes sense since there could not be any ajax calls if the browser was closed.

 

Yes, that's what I am referring to..terminating the session if the user leaves the browser window open for a specified time period.

 

So, to rephrase, the user is in the application and then decides to leave the browser open and you want to time-out the page or something similar. There are some different solutions I can think of, but I think the one that makes the most sense is as follows:

 

Simply create a a"last activity" process that updated a timestamp for the user record whenever the USER performs an action that you determine should update that value (i.e. not an automated AJAX call). Then, when the automated AJAX call is performed you can check the user's last activity timestamp. If less than the timeout period you specify then go ahead and process normally. If greater than the timeout period do not perform the action and send a response back to the client so the JavaScript can stop the automated process and provide a message to the user.

 

How do I create a "last activity" process? I don't quite understand the solution. I can't stop this automated ajax call from not happening.

Currently, on every request, the "last_updated" timestamp for a session is updated in the database  table containing sessions. Even, the automated AJAX call does that but it doesn't update the session data which is why the session is alive all the time and is not garbage-collected by my gc mechanism. I can filter the ajax calls from not touching my session table in the db which will ensure that gc kicks in but is that the best solution?

pkrish Newbie

pkrish

Posted
  • Author
Posted

Since your already doing your ping in ajax, I'd say a relatively simple solution would be to just have a long timeout that will make an ajax call to a page which will destroy the session (say the logout page for instance).

 

setTimeout(function(){
   //ajax call to logout page
}, 600000); //in 10 minutes

 

Then if they are inactive for 10 minutes it will log them out.  If they actually do something such as click a link that causes a page reload it'll cancel that 10 minute timer and not affect them.

 

I can try something like this out..

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.