jrahma;11035217 wrote:I want to know how can I destory sessions if idle for 5 minutes. I checked on the net but all what I found was to get the session start time and start currennt time then do the calculation but in this case it will destroy the sessions even if the user is currently active on the website.
To clarify, being "idle" is not necessarily the same thing as a user walking away from their computer.
"Idle," to your server, means there have been no new requests. If a user visits your webpage, and then reads it/ plays a javascript game/ whatever for 20 minutes straight (without communicating with your server again), then the session has been idle for 20 minutes.
There is no way to know, with certainty, that the user is actually doing something on your site between requests. Further, there's no way to know if the person on the other end of your session is the same person who started that session.
Depending on your goals, the best solution would probably be setting your session cookie with a very short lifespan (as @ suggested). Alternatively, you could use ajax to report user activity to your server, and then renew (or expire) the session based on that information. Be aware, however, that both cookies and javascript are easily tampered with.
