Detecting If the User is Idle or Inactive

programming
21

Hello this approach makes to me more sense, looks great
I mean
If a user is logged in into a php app and the current page is showing his personal details, so far, all the PHP scripts I have seen, will check for the session at next view load action.
Instead the js approach makes much more sense
No user interaction for some timeout? then go to some login page
… would you redirect to some session destroying script? Or … ?
Thank you for sharing your approach

22

Hi @Corsari - welcome to the forums :slight_smile:

It depends on what your goal is. If inactivity means they need to “reauthenticate”, then proactively sending them to a log-in page would seem like a good idea. As part of this, overwriting a cookie value or whatever mechanism you use to keep the user from re-authenticating with each navigation, seems reasonable as well.

:stuck_out_tongue:

23

Hello Kirupa!
Thank you for replying

I mean that a real user inactivity logout mechanism , must check the activity as your script does

Now , I was just asking you, what do you kindly suggest as logout mechanism when it comes to apply your script to a PHP application

In practice , what would you do ? I admit I didn’t studied sessions commands with JS . Do you mean you can do session destroy with JS?
So JS can end with session destroy and redirect to some login page?
Thank you

24

That is a tough one to answer without knowing what your implementation does. Do you have a logout capability already built? If so, do you know what exactly it does? For example, does it clear a cookie?

25

Hello
As PHP app, it is based on sessions.
More specifically, I’m experimenting with CodeIgniter MVC PHP framework
So the first idea I have is to use your script and after the timeout, redirect with JS to a method for the logout ( wipe the session ) and that all together redirects to the login one.
I’m wondering if this is the supposed “best” approach
or if rather you’d suggest some better one :slight_smile:
Thank you

26

That does sound like a great approach. Once you detect inactivity, navigate to a page that does all of the logging-out magic and navigates you to the login screen/page afterwards :clock11: