?
Solved

Setting a timeout specific to mobile web browsers

Posted on 2012-09-08
9
Medium Priority
?
2,013 Views
Last Modified: 2013-12-27
Hi everyone,

We are building a web app in PHP / MySQL that uses a lot of javascript and Ajax ,  and part of the template has been designed for mobile viewing only.   As we don't use 'sessions' for this application, we are using the below piece of code to logout users that have been inactive for a certain period of time.  The issue we have is that on an Iphone / Mobile .. the timer works when the browser is on the screen at the time, but as soon as the browser is closed (not completely shut down, just closed but still 'active' )  .. this timer ceases to work. Even a day later the user can still be logged in but reopening the mobile browser. Any suggestions on what we can use to fix this?


var t;
window.onload=resetTimer;
document.onkeypress=resetTimer;

function resetTimer()
{
 clearTimeout(call);
 t=setTimeout(logOutInactive,60000)
}

function logOutInactive(){
alert('Your session has been ended due to inactivity');
window.location.href="https://**.com.au/logout.php";
}
0
Comment
Question by:webfactor
  • 5
  • 4
9 Comments
 
LVL 16

Accepted Solution

by:
grahamnonweiler earned 2000 total points
ID: 38379723
For mobile use you have the control the wrong way round. Meaning, the access control must be entirely server-side, and at the mobile device side it "pushes" a ping style "I'm active" message.

In practice, your device side Javascript should push a "keep alive" message based on a timer - say every 60 seconds. Without sessions you will need to assign a unique identifier to each browser, that in turn has to be passed with all requests.

At server-side, your scripts should check the last time stamp in the associated keep alive record. If the time lapsed since the last keep alive message is greater than 60 seconds then you log the device out.

This is the only way to handle a minmized, yet still active, browser (be it mobile, tablet or desktop).
0
 

Author Comment

by:webfactor
ID: 38381755
Thanks so much for the info, i'm waiting for my dev team to try this and will confirm how we go today
0
 

Author Comment

by:webfactor
ID: 38387000
Hi,
I got some questions about your explanation.
Anyways if i understood you correctly the ping should be sent on any browserr activity and dešpending on its time stamp the server side would logout if time in between pings is bigger then lets say 60 sec. But we are hoping for an automated solution that would automaticly redirect to logout if user is inactive for more then lets say 60 sec. Maybe i missunderstood you.
Waiting for your replie.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 16

Expert Comment

by:grahamnonweiler
ID: 38388199
You understood what I suggested correctly.

What you are missing is that you can not do anything at the client side (meaning in the browser). All of the checking of active sessions needs to be done server-side.

On mobile devices when the browser is minimized it is not active - meaning that your Javascript will go into a hold state. If you have a timer then it just stops.

When the user reactivates the browser everything starts up, from "fresh", so you would have 60 seconds before the "ping" pushes up to you.

So your log out has to happen at the server-side, preventing any subsequent action from that browser session.
0
 

Author Comment

by:webfactor
ID: 38389921
hmmm..ok could you give me a rough code example..just trying to get a full picture of it.
0
 
LVL 16

Expert Comment

by:grahamnonweiler
ID: 38390043
You already have the basics.

Each "browser" instance needs to have a unique identifier, and this is used to start their "logged in" status. This start-up includes writing a record to a DB server-side.

Your Javascript needs to use an Ajax call to update that DB record - this is the keep-alive - at a regular interval.

On the server-side, all of your PHP scripts need to use the  unique identifier to check the keep alive timer before doing anything else.

If the timer exceeds your "inactivity" limit then the PHP scripts redirects to the logout.php
0
 

Author Comment

by:webfactor
ID: 38403033
Apologies about the delay in reply,  we had a pause in development for a few days.

Appreciate your suggestions and we are about to give this a try ... we do have a very large number of scripts to test it with though ,  can i just reconfirm,   there is no possible way we can get around this without modifying all scripts?

Thanks again
0
 
LVL 16

Expert Comment

by:grahamnonweiler
ID: 38403044
As you are using PHP you should handle the timing using an "include" file at the top of all your scripts. That will decrease the amount of work, in that you can write and test the code, then simply add the "include" at the top of all your other scripts.
0
 

Author Closing Comment

by:webfactor
ID: 38422251
Cheers for your help, we haven't completely finished implementation but my developers confirmed this should do the job .. thanks again!
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use the Google Now Launcher, as an aftermarket add on, have a Samsung Note 5 and are worried about power consumption be wary of using the ultra power saving mode.  Here is what happened to me when I made the mistake of trying this out...
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question