webfactor
asked on
Setting a timeout specific to mobile web browsers
Hi everyone,
We are building a web app in PHP / MySQL that uses a lot of javascript and Ajax , and part of the template has been designed for mobile viewing only. As we don't use 'sessions' for this application, we are using the below piece of code to logout users that have been inactive for a certain period of time. The issue we have is that on an Iphone / Mobile .. the timer works when the browser is on the screen at the time, but as soon as the browser is closed (not completely shut down, just closed but still 'active' ) .. this timer ceases to work. Even a day later the user can still be logged in but reopening the mobile browser. Any suggestions on what we can use to fix this?
var t;
window.onload=resetTimer;
document.onkeypress=resetT
function resetTimer()
{
clearTimeout(call);
t=setTimeout(logOutInactiv
}
function logOutInactive(){
alert('Your session has been ended due to inactivity');
window.location.href="https://**.com.au/logout.php";
}
We are building a web app in PHP / MySQL that uses a lot of javascript and Ajax , and part of the template has been designed for mobile viewing only. As we don't use 'sessions' for this application, we are using the below piece of code to logout users that have been inactive for a certain period of time. The issue we have is that on an Iphone / Mobile .. the timer works when the browser is on the screen at the time, but as soon as the browser is closed (not completely shut down, just closed but still 'active' ) .. this timer ceases to work. Even a day later the user can still be logged in but reopening the mobile browser. Any suggestions on what we can use to fix this?
var t;
window.onload=resetTimer;
document.onkeypress=resetT
function resetTimer()
{
clearTimeout(call);
t=setTimeout(logOutInactiv
}
function logOutInactive(){
alert('Your session has been ended due to inactivity');
window.location.href="https://**.com.au/logout.php";
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
I got some questions about your explanation.
Anyways if i understood you correctly the ping should be sent on any browserr activity and dešpending on its time stamp the server side would logout if time in between pings is bigger then lets say 60 sec. But we are hoping for an automated solution that would automaticly redirect to logout if user is inactive for more then lets say 60 sec. Maybe i missunderstood you.
Waiting for your replie.
I got some questions about your explanation.
Anyways if i understood you correctly the ping should be sent on any browserr activity and dešpending on its time stamp the server side would logout if time in between pings is bigger then lets say 60 sec. But we are hoping for an automated solution that would automaticly redirect to logout if user is inactive for more then lets say 60 sec. Maybe i missunderstood you.
Waiting for your replie.
You understood what I suggested correctly.
What you are missing is that you can not do anything at the client side (meaning in the browser). All of the checking of active sessions needs to be done server-side.
On mobile devices when the browser is minimized it is not active - meaning that your Javascript will go into a hold state. If you have a timer then it just stops.
When the user reactivates the browser everything starts up, from "fresh", so you would have 60 seconds before the "ping" pushes up to you.
So your log out has to happen at the server-side, preventing any subsequent action from that browser session.
What you are missing is that you can not do anything at the client side (meaning in the browser). All of the checking of active sessions needs to be done server-side.
On mobile devices when the browser is minimized it is not active - meaning that your Javascript will go into a hold state. If you have a timer then it just stops.
When the user reactivates the browser everything starts up, from "fresh", so you would have 60 seconds before the "ping" pushes up to you.
So your log out has to happen at the server-side, preventing any subsequent action from that browser session.
ASKER
hmmm..ok could you give me a rough code example..just trying to get a full picture of it.
You already have the basics.
Each "browser" instance needs to have a unique identifier, and this is used to start their "logged in" status. This start-up includes writing a record to a DB server-side.
Your Javascript needs to use an Ajax call to update that DB record - this is the keep-alive - at a regular interval.
On the server-side, all of your PHP scripts need to use the unique identifier to check the keep alive timer before doing anything else.
If the timer exceeds your "inactivity" limit then the PHP scripts redirects to the logout.php
Each "browser" instance needs to have a unique identifier, and this is used to start their "logged in" status. This start-up includes writing a record to a DB server-side.
Your Javascript needs to use an Ajax call to update that DB record - this is the keep-alive - at a regular interval.
On the server-side, all of your PHP scripts need to use the unique identifier to check the keep alive timer before doing anything else.
If the timer exceeds your "inactivity" limit then the PHP scripts redirects to the logout.php
ASKER
Apologies about the delay in reply, we had a pause in development for a few days.
Appreciate your suggestions and we are about to give this a try ... we do have a very large number of scripts to test it with though , can i just reconfirm, there is no possible way we can get around this without modifying all scripts?
Thanks again
Appreciate your suggestions and we are about to give this a try ... we do have a very large number of scripts to test it with though , can i just reconfirm, there is no possible way we can get around this without modifying all scripts?
Thanks again
As you are using PHP you should handle the timing using an "include" file at the top of all your scripts. That will decrease the amount of work, in that you can write and test the code, then simply add the "include" at the top of all your other scripts.
ASKER
Cheers for your help, we haven't completely finished implementation but my developers confirmed this should do the job .. thanks again!
ASKER