Automatic session timeout/logout using php and AJAX

Part 2 is also available now. Read part 2

This article is Part 1 of a 2-part series in which you will learn how to log out a user after a specific amount of inactivity. In part 1, we will use only PHP. If the user remains inactive for a certain period of time and then requests a page from the server, she will be logged out. In part 2, we will extend this functionality and use AJAX to automatically log out the user if the inactivity time is exceeded. Logout will then happen irrespective of whether the user requests any page from the server or not.

In this article we will write a little example in PHP that will log out a user if she is inactive [does not request any page from the server] for a certain amount of time and redirect her to a default page.


In the example, click Login in index.html to log in. This will take you to first.php. Now navigate to second.php using the link. Sit back for 7-8 seconds and then either refresh the page or click the link for the first page. If you take any action after 5 seconds you will be logged out; otherwise the requested page will be served.

Explanation follows.

index.html is the default page where the user lands. The user is not logged in at the moment. Clicking the Login button takes the user to first.php, where user authentication is done. In a real-world situation, this link will be replaced with the standard username/password fields. The code for first.php looks like this:

In the starting lines of first.php we check whether a session variable isLoggedIn is set to true or not. If it is not set, user authentication will be done. For this example we will just set the value of isLoggedIn to true, which means the user is authenticated now. Of course, in a real application you will write proper code to check the user's authenticity.

Now that the user is logged in, we specify the timeOut period, after which the user will be logged out.

In the next line we get the current time and store it in another session variable, loggedAt. This is the time the user requested the page from the server.

We have in total 3 session variables now.

isLoggedIn – tells whether user is logged in or not.

timeOut – Inactivity period in seconds after which user will be logged out and

loggedAt – last time when the user accessed a page.

After this, the showLoggedIn function is called, which displays some HTML and a link to another page.

Code for showLoggedIn:

Now, what happens when the user refreshes the page after more than 5 seconds?

In line 3 the session variable isLoggedIn is checked. Since it has been set to true already, control will go to the else part of the if-else block, i.e. line 16. In the else part a function checkIfTimedOut is called, which determines whether the user has refreshed the page after more than the timeOut period or not. If the value of the variable $hasSessionExpired is true, we destroy all session variables and redirect the user to index.html using the header function.

A value of false for $hasSessionExpired means the page has been refreshed in less than the timeOut period. So we update the session variable loggedAt with the current time and display the page again.

Here is the code for function checkIfTimedOut:

In line we get the current time. Then we calculate the difference between current time and the time user logged in.

If the difference between these two is more than the timeout period specified, we return true.

Similar is the case when the user clicks the link on page1. The user will be taken to page2.php. First of all we check if the user is logged on using isLoggedIn. If not logged on, we simply redirect the user to index.html.

If already logged on, then a call to the checkIfTimedOut function checks whether a timeout has occurred. If it is a timeout, then redirect the user to the home page; else display page 2.
Set the timeout to different values and then check.
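
As an added example (not the author's original listing), the checks described above can be collected into one include file. The session keys isLoggedIn, timeOut and loggedAt and the function name checkIfTimedOut are the article's; markLoggedIn, requireActiveSession and logOut are hypothetical helper names, and the session ID regeneration at login, the cookie cleanup and the exit after the redirect are additions the article's text does not mention.

```php
<?php
// Added example, not the article's code. markLoggedIn(), requireActiveSession()
// and logOut() are hypothetical helper names.
const TIMEOUT_SECONDS = 5; // demo value used in the article

// True when more than timeOut seconds have passed since loggedAt.
function checkIfTimedOut(array $session, int $now): bool
{
    // Missing bookkeeping is treated as expired (fail closed).
    if (!isset($session['loggedAt'], $session['timeOut'])) {
        return true;
    }
    return ($now - (int) $session['loggedAt']) > (int) $session['timeOut'];
}

// Destroy all session data, expire the session cookie, go back to index.html.
function logOut(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: index.html');
    exit; // without this the rest of the protected page would still run
}

// Call once, right after the user's credentials have been verified.
function markLoggedIn(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh ID at login, against session fixation
    $_SESSION['isLoggedIn'] = true;
    $_SESSION['timeOut'] = TIMEOUT_SECONDS;
    $_SESSION['loggedAt'] = time();
}

// Call as the first statement of every protected page.
function requireActiveSession(): void
{
    session_start();
    if (empty($_SESSION['isLoggedIn']) || checkIfTimedOut($_SESSION, time())) {
        logOut();
    }
    $_SESSION['loggedAt'] = time(); // activity seen: restart the inactivity window
}
```

Because the timeout is enforced from loggedAt on the server, it does not depend on the session cookie's lifetime or on PHP's session garbage collection.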
The first part of the article finishes here. The second part is now available at this link.


18 thoughts on “Automatic session timeout/logout using php and AJAX”

  1. Hi.. first of all, I wanna say thank you for sharing such a useful code, but can you please help me/us again.. how to make a user that has been forced to re-login automatically redirected to the last page he/she visited before? Can you share it here too..?

  2. Thanks for the script. But is it possible to have the script alert the user that his session will soon time out? And then if he is redirected to the login page for inactivity another alert shows to say that his session timed out and he should re-login.

  3. Hi, I'm also a web developer, but sometimes I also search for some kind of information on Google or somewhere,
    but whatever you posted was funtastic, so send some new information to my id.
    I'll be very grateful to you.

  4. Thank you so much! This is very helpful. However, I have a few doubts. Some of my pages are able to run for both login and non-login users. I added my session timeout on my header page, hence it'll run on the whole website. I'm unsure how to make the session timeout run only for login users such that the pop-up won't appear for non-login users.
