I would like to have my PHP website destroy a users session if they have been idle for 5 minutes. If this does happen, I'd like to present the user with a message stating why they were logged out and redirect them to the login page.
What is the best way to handle this?
I am running on php and myadmin.
Thanks
Avinash
Every time you load a page, store a timestamp in a session variable. When the user goes to a page, check to see if $SESSION['lastActivity'] < time() - <your idle time>. If true, then redirect to a 'your session has expired' page or similar. If not, continue loading the page.
I assume you mean 'idle' time. There is no need to calculate that, but you have to store the last (authenticated) access made by that user and reset the counter. Typically, one would should issue an authentication cookie with a certain timestamp. Upon authentication of the cookie, you compare the current time with the timestamp. If this difference is larger than some threshold, say 5 minutes, you present an error page. To improve the user experience, you might also want to display a timer to the user so there is no bad surprise.
Create a javascript function that has a x minute timeout that pops up and redirects.
Also on the server make sure their session expires so that in the case of Javascript not being available, they cannot continue actions after their idle time has passed.
Can you not just use PHP's built-in session functions to set session expiry time to 5 mins. and re-direct if a session no longer exists?