php Session timeout warning

We have an app whereby the session times out after a predetermined time; each client can set their own time.

How can I determine when "time is running out" (for example, maybe 75% or 80% of the timeout has passed).

I am managing this "manually" as follows:

if ($_SESSION['tout'] != 0) {
      $tdiff = time() - $_SESSION['alast_used'];
      if ($tdiff > $_SESSION['tout']) {
            header ("location: index.php");

$_SESSION['tout'] contains the time allowed & is set (from a database) when the user logs in.

Each program has the code above. $_SESSION['alast_used'] is set to the current time at login.

The obvious problem with this approach is when the timeout occurs, they are "logged out" & returned to the login page with no message, etc.

I can see how to do a message but I don;'t know how to determine when it's 75% of the way there.

I know banks do this.

How can I?

Richard KortsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
You need some kind of communication between the client and the server.  The trigger for the communication would be on the client side and would fire, perhaps, once a second, counting up the time until a warning threshhold was reached.  You can do this with jQuery.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Richard KortsAuthor Commented:
Thanks, Ray. It occurred to me I could do just what you suggest.

I built a test using JavaScript with a set timer, etc.

Works good.
Ray PaseurCommented:

Thanks for the points, ~Ray
Julian HansenCommented:
I know this question is closed but I felt it worth adding my 2c worth.

My personal preference is not to poll the server. Rather on page load put a javascript call to setTimeout with a value that will be enough to give the person warning the session is about to expire. So if the session is 10 min long then

setTimeout("warn_user()", 600000);

Open in new window

Function warn_user can then be an alert or a custom popup - with a custom popup you can put a countdown to give the person time to make the click.

You mentioned banks - here is how my bank does it.
var session_duration=270000;

function resetTimer(){
	setTimeout("showWarning()", session_duration);

function showWarning(){
	warningWin =,"warningWin","menubar=no,location=no,resizable=no,scrollbars=no,status=no,width=200,height=200");

Open in new window

The above code pops a window with a 30 second countdown.
Session timeout is 5 min- the window pops after 4.5 min and gives 30seconds to respond.

The argument for polling is that server and client clocks might be inconsistent relative to each other. However, if this is the case then it will be in milliseconds not seconds.

The above should be more than adequate for the purposes you have described.
Richard KortsAuthor Commented:
To julianH

Thanks; that's essentially exactly what I did.

It occurred to me BEFORE Ray answered that it HAS to be on the client side because the server cannot know until a request is made.

I was always fascinated from the beginning of the web about the "stateless" way that it works. It was obvious to me from the outset that that was the ONLY way it could work and do what it does; billions of transactions every second.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.