The mechanism to automatically log users out after a given period of inactivity is going to depend entirely upon how they are "logged in" in the first place. If it's session- or cookie-based, for example, you could store the timestamp of the last time the user did something and use that timestamp on every request to see if the gap between actions was >= 15 minutes. If so, log the user out (delete the cookie, clear the session, whatever).
