Does anyone know where I can read a tutorial on, or know how to create a Javascript-based session timeout that has a warning built in, and optionally these features:
- user activity resets the timer
- interacts with database (last seen on, etc.)
- if inactive, it will log out users (by redirecting to a logout.php page)
- before it logs users out, it will display a popup message that asks if they want to continue
Unfortunately, I don't know too much about Javascript.
I don't know how your website is done, but if done right, you should have a log in session and some sort of back end control system that denies any action if the previous action was made X minutes/hours ago and automatically expires the user. If you want to implement some client side code, you should have a javascript timer that alerts the user when expire time is about to be complete and you can also redirect the user to the homepage or log in page after the expire time is reached. This way all security features are on the back end and the javascript only works as a display measure for the display behavior.
UPDATE:
setInterval(function(){alert("Hey, your session is ending")},360000);
setInterval(function(){
redirect();
},720000);
function redirect(){
document.location = "../logout.php"
}
UPDATE2:
setInterval(function(){
logout();
},600000);
function logout(){
if(confirm('Logout?'))
redirect();
else
alert('OK! keeping you logged in')
}
function redirect(){
document.location = "../logout.php"
}
Every page with this code will ask after 10 minutes if the user wants to logout. This means your session cannot expire by itself, you must leave the control to the user
来源:https://stackoverflow.com/questions/11538803/php-javascript-session-timeout-with-warning