php Session timeout warning

Posted on 2013-10-21
Medium Priority
Last Modified: 2013-10-22
We have an app whereby the session times out after a predetermined time; each client can set their own time.

How can I determine when "time is running out" (for example, maybe 75% or 80% of the timeout has passed).

I am managing this "manually" as follows:

if ($_SESSION['tout'] != 0) {
      $tdiff = time() - $_SESSION['alast_used'];
      if ($tdiff > $_SESSION['tout']) {
            header ("location: index.php");

$_SESSION['tout'] contains the time allowed & is set (from a database) when the user logs in.

Each program has the code above. $_SESSION['alast_used'] is set to the current time at login.

The obvious problem with this approach is when the timeout occurs, they are "logged out" & returned to the login page with no message, etc.

I can see how to do a message but I don;'t know how to determine when it's 75% of the way there.

I know banks do this.

How can I?

Question by:Richard Korts
  • 2
  • 2
LVL 111

Accepted Solution

Ray Paseur earned 2000 total points
ID: 39589554
You need some kind of communication between the client and the server.  The trigger for the communication would be on the client side and would fire, perhaps, once a second, counting up the time until a warning threshhold was reached.  You can do this with jQuery.

Author Comment

by:Richard Korts
ID: 39589567
Thanks, Ray. It occurred to me I could do just what you suggest.

I built a test using JavaScript with a set timer, etc.

Works good.
LVL 111

Expert Comment

by:Ray Paseur
ID: 39589648

Thanks for the points, ~Ray
LVL 62

Expert Comment

by:Julian Hansen
ID: 39590216
I know this question is closed but I felt it worth adding my 2c worth.

My personal preference is not to poll the server. Rather on page load put a javascript call to setTimeout with a value that will be enough to give the person warning the session is about to expire. So if the session is 10 min long then

setTimeout("warn_user()", 600000);

Open in new window

Function warn_user can then be an alert or a custom popup - with a custom popup you can put a countdown to give the person time to make the click.

You mentioned banks - here is how my bank does it.
var session_duration=270000;

function resetTimer(){
	setTimeout("showWarning()", session_duration);

function showWarning(){
	warningWin = window.open(count_down_URL,"warningWin","menubar=no,location=no,resizable=no,scrollbars=no,status=no,width=200,height=200");

Open in new window

The above code pops a window with a 30 second countdown.
Session timeout is 5 min- the window pops after 4.5 min and gives 30seconds to respond.

The argument for polling is that server and client clocks might be inconsistent relative to each other. However, if this is the case then it will be in milliseconds not seconds.

The above should be more than adequate for the purposes you have described.

Author Comment

by:Richard Korts
ID: 39591208
To julianH

Thanks; that's essentially exactly what I did.

It occurred to me BEFORE Ray answered that it HAS to be on the client side because the server cannot know until a request is made.

I was always fascinated from the beginning of the web about the "stateless" way that it works. It was obvious to me from the outset that that was the ONLY way it could work and do what it does; billions of transactions every second.

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question