I don't quite know if this will help but this is how I do it.
When a user logs in to my site, the username is used as the session variable (named $valid_user) and I save their username and the date/time in an active_users table in the db. Then each time they make any action the check_timeout() function is called. This allows the user to remain in the site while they are actively using it. If they leave the site idle for more than the time-out period, in this case an hour, the next time they make any action they are completely logged out of the site. It's a bit messy, but I couldn't find a way to remotely log a user out and I didn't want to to rely on the server time out.
function check_timeout()
{
// set maximum idle time to 1 hour (3600)
define("MAX_IDLE", 3600);
// set the timeout value to 1 hour ago
$timeout = date("Y-m-d H:i:s", time()-MAX_IDLE);
//where sessions have timed out., delete user from active_users and log them out
$del_result = mysql_query ("DELETE FROM active_users WHERE lastaction < '$timeout'");
//ok lets check that it deleted a record
$chk_result = mysql_query ("SELECT * FROM active_users WHERE username='$valid_user'");
if ($chk_result)
{
$row = mysql_fetch_object($chk_result);
if ($row->lastaction == "")
{
echo "<center>";
echo "<br/>****Session Timed Out****<br/>";
echo "</center>";
echo('<META Http-equiv="refresh" Content="1; Url=/Logout.php">');
exit;
}
else
{
update_last_action();
}
}
else
{
no_db();
}
}
/*************************************************/
function update_last_action()
//update the last action time on each page load
{
$lastaction_query = "UPDATE active_users SET lastaction = NOW('') WHERE username='$valid_user'";
$lastaction_result = mysql_query($lastaction_query);
if (!isset($lastaction_result))
{
no_db();
}
}
