PHP- how to run something when session times out?

[lozina]

I need to enhance a login system to record login date and logout date for each user. the login of course is easy, and the logout is easy too if the user presses a provided "logout" button, but what about when the user's session times out? how can I detect session timeout for a user and record the date in my table ?

 

[Crusty2]

I would store a cookie on their computer with the relative session info, ie when they signed on and when their session expires. Then the next time they attempt to access your site just access the cookie and see if they are passed the expire time, if so process the logout and record keeping.

 

[Aikouka]

Here's what I was thinking...

Store whenever the user refreshes their timeout timer. Then compare the time out period + last refresh time. If that is smaller than the current time, then that'll be their official log off time. Now, when you do this check is completely up to you, you could make a nightly cron job to do it, do it whenever you check the logs (I assume you might want to view this in a php page?)

EDIT:

Originally posted by: Crusty2
I would store a cookie on their computer with the relative session info, ie when they signed on and when their session expires. Then the next time they attempt to access your site just access the cookie and see if they are passed the expire time, if so process the logout and record keeping.

Only problem I could see with this is someone might clear their cookies.

 

[Crusty2]

If someone were to clear their cookies you would be able to detect that, and log them out immediately and then do all the processing as normal.

 

[jjones]

Crusty, if they clear cookies, he won't be able to identify who would need to be logged out.

What may work for you, if you don't need to know the exact time but could instead work within a window of time, is to set the log in and log out at the same time, recording the log out time 30 minutes later than the log in. When the user logs in, set a session cookie with the log in time plus 30 minutes. As they navigate the site, use a function on each page to determine if they have exceeded the 30 minutes window, and if they have, then update your log out to be 30 minutes later than current time and reset the session tracking cookie to current time plus 30 minutes.

I hope that makes sense. I have an ear infection bugging hell out of me, so I don't know for sure.

 

[Crusty2]

Well, if they cleared their cookies then they would have to login again.... When they tried to login it would notice that they don't have ANY cookies and check to see if the db still thinks they are logged in....

 

[lozina]

thanks for all the replies guys, sounds like some good solutions i will try to work them in tonight!