I have a login system using sessions. I want to be able to log out a user after 15 minutes of idle time. But I don't want to just update the timestamp each time a user clicks a link. I would like to update the timestamp each time a person moves the mouse, scrolls the page, or types something on my page. Is this possible with or without JavaScript? I'm pretty sure it can be achieved using JavaScript by using onmousemove and onscroll. But JavaScript can be deactivated in a person's browser. Has anyone had any experience with this, and what have you implemented? Any examples of code would really be appreciated. Thanks in advance!
logout after 15 minutes of being inactive
I can't see how you're going to get this done. I mean, every time someone scrolls? You do realise that updating a timestamp on the server is going to need a request to the server?
Besides all that, user sessions are automatically killed after 20 mins as is (by default), and this setting can be changed in your php.ini.
Yeah, I realize that php.ini will kill a session after 20 minutes of inactivity. But what constitutes inactivity when dealing with PHP and sessions? Sorry for my ignorance. Here's the scenario I'm worried about:
Let's say user A is filling in a form but does not click submit or click a link to go from one page to another within 20 minutes (after logging in). Does this person get logged out due to "inactivity"? Is session activity dictated by users clicking links and going from page to page, or does any form of correspondence with a site (e.g. filling out forms) constitute activity?
Each request is classed as activity, i.e. each time the user asks for another page. Simply filling out a form doesn't constitute being active.
You might want to read up on how HTTP works. There is NO SUCH THING as a user being 'connected' to your web page. When they are filling out a form, for instance, the form is on their computer, and when they submit it, the data is sent to the server. This is how all HTTP requests work.
You type an address in your browser, your browser sends a request to that server for a specific page, if found it sends it back to you, then the server just sits there waiting for the next request. At no stage is it aware of you filling in forms, scrolling layers, or anything else along those lines.
Hence HTTP being 'Stateless'. Sometimes common sense gets thrown out the window for me. I think I saw someone using JavaScript to get around this problem only to create a new problem (no JavaScript activated in the browser). Does the following make sense?
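<body onload="countDown()" onchange="resetCounter()" onmousemove="resetCounter()" onclick="resetCounter()" onscroll="resetCounter()">
<script type="text/javascript">
// Seconds of inactivity left before the redirect to the logout page.
var seconds = 600;
function countDown() {
    if (seconds <= 0) {
        window.location = "http://website.com/logout.php";
        return; // stop the timer once the redirect has started
    }
    seconds--;
    // Pass the function itself rather than a string to be evaluated.
    window.setTimeout(countDown, 1000);
}
// Any activity in the page puts the counter back to the full 10 minutes.
function resetCounter() {
    seconds = 600;
}
</script>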
Of course, the code within the <script> tags would need to be placed within the <head> tags of the HTML.
Does the following make sense?
To be honest, I have to say the whole idea doesn't make sense to me. Even if you can get it working, imagine the extra load on your server, not to mention all the waiting the client is going to be put through while your timestamp is updated every time they move their mouse.
This piece of code will redirect the user to your logout page.
if(seconds<=0) {
window.location="http://website.com/logout.php";
}
Is that what you want?
Wouldn't this constitute client-side JavaScript? Meaning the server won't be slammed. Basically, I'm trying to avoid a person being logged out while filling out a lengthy form. If someone is totally inactive, then the JavaScript will account for that by counting down 10 minutes of inactivity and then log off the person. With this method, I wouldn't need to keep track of a timestamp on the server side. At least, that's what the short-term examination of this code has led me to believe. Of course, this won't work if a person has JavaScript deactivated.
The logout page would just destroy the session and present a login form.
Actually, what I'm trying to avoid is someone partially filling out a somewhat lengthy form and going to make a sandwich or take a dump and coming back and not having time to finish what they started because they will be automatically logged out for "inactivity". I am trying to avoid having to run a cron to save partially filled out forms in case a user is logged out in the middle of filling the form out.
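An added example, not code from anyone in the thread: an idle tracker that treats mouse, keyboard and scroll events as activity but sends the server at most one keep-alive request per minute, so the session timestamp stays fresh without a request per mouse move. The `/keepalive.php` endpoint and the relative `/logout.php` path are assumptions; the server-side session lifetime remains the real enforcement point, since this script does nothing when JavaScript is disabled.

```javascript
// Added example. The clock and callbacks are injected so the logic runs in a browser or in Node.
function createIdleTracker({ idleLimitMs, pingEveryMs, now, sendPing, onIdle }) {
  let lastActivity = now();
  let lastPing = now();
  let expired = false;
  return {
    // Call from mousemove/keydown/scroll handlers. Usually this only stores a timestamp.
    activity() {
      if (expired) return;
      lastActivity = now();
      // Throttle: at most one server request per pingEveryMs, however many events fire.
      if (lastActivity - lastPing >= pingEveryMs) {
        lastPing = lastActivity;
        sendPing();
      }
    },
    // Call from a timer. Returns true once the idle limit has been reached.
    check() {
      if (!expired && now() - lastActivity >= idleLimitMs) {
        expired = true;
        onIdle(); // fires once
      }
      return expired;
    },
  };
}

// Browser wiring (skipped when there is no DOM, e.g. under Node).
if (typeof document !== "undefined") {
  const tracker = createIdleTracker({
    idleLimitMs: 15 * 60 * 1000, // the 15 minutes asked for in the first post
    pingEveryMs: 60 * 1000,
    now: () => Date.now(),
    // Assumed endpoint: a script that only resumes the session so its lifetime is renewed.
    sendPing: () => fetch("/keepalive.php", { method: "POST", credentials: "same-origin" }),
    // Assumed path: the logout page that destroys the session.
    onIdle: () => { window.location = "/logout.php"; },
  });
  ["mousemove", "keydown", "scroll", "click"].forEach((evt) =>
    document.addEventListener(evt, tracker.activity, { passive: true }));
  setInterval(tracker.check, 1000);
}
```

The logout request and the keep-alive both change session state, so they should be handled on the server like any other authenticated request.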