ansaurus

Question

Alert user if session is going to expire, option to renew session

Answer 1

+1 A:

It's relatively easy:

Build a JavaScript timer that fires in (session lifetime - 5 min) minutes using setTimeout
Have the setTimeout function show a confirmation dialog, e.g. using jQuery UI Dialog
If the user wants to prolong the session, make an Ajax request to an PHP file. If the file uses sessions, this will work to "touch" the session's lifetime
After making the request, set another setTimeout that will fire when the session is about to expire again.

Pekka 2010-10-04 18:42:49

didn't think about the AJAX call, very nice!!!

Phill Pafford 2010-10-04 18:51:21

Answer 2

+2 A:

I would suggest a different approach; just refresh the session for the user anyway. Most unwanted session-deaths happen because of

a long phonecall
an unexpected visit
a meeting

and with a confirmation dialog, the session would already by dead by the time your user comes back - adding only confusion.

Instead:

var refresh_session = function () {
    $.get("/refresh_session.php");
},

fifteen_minutes = 15 * 60 * 1000;

setInterval(refresh_session, fifteen_minutes);

--> happy users! :-)

Magnar 2010-10-04 18:47:58

This is a great option as well, but I need to user to make the call. it's a 6 minute session, if no activity I still need them to be logged out

Phill Pafford 2010-10-04 18:53:54

That's fair :-) But you should then probably make your own confirmation dialog, so you can remove it again when the session is known to be dead and instead inform the user what has happened.

Magnar 2010-10-04 18:55:50

Part of the session time out is security - forcing the session to be kept alive is alright in some cases, but the user should be able to opt for that. Depends on how sensitive the content is

kmfk 2010-10-04 18:57:15

Answer 3

A:

You can sidestep the issue by having a script which returns a 1x1 pixel image on a JS timer. The idea is that you start with a PHP script like this (not sure if the header calls in here are exactly right..):

header("ContentType: image/gif");
passthru("my-1x1.gif");

Now, have the javascript setInterval function call this script at a suitable interval (i.e. less than the session GC interval). Because the image is served from PHP it updates your session, so theoretically your user's sessions wont end as long as they remain on your site.

Robin 2010-10-04 18:55:45

We keep the user logged in if they are active, this would only happen if the user is in-active (As they are on the phone or something), would like to alert/give option to extend session before it expires

Phill Pafford 2010-10-04 19:01:52

OK, so the alert pops up after X minutes saying "do you want to extend your session" and the user is still on the phone, and doesn't respond until 10 minutes later when the session has already been GC'd on the server. I don't think your idea of the user choosing is a good one, you're stuck in a chicken and egg.

Robin 2010-10-05 18:26:18

ansaurus

tags:

views:

answers:

Alert user if session is going to expire, option to renew session

related questions