I want my users to be logged out automatically after30 minutes of inactivity. I also want to have all sessions destroyed.
This is my login.php i have set cookies but does not work.

if (isset($_POST['member_login'])) {
    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = md5(isset($_POST['password']) ? $_POST['password'] : "");
    if (isset($_POST['keep_login'])) {
        setcookie("user", $username, time() + (86400 * 30), "/");
        setcookie("pass", $_POST['password'], time() + (86400 * 30), "/");
    } else {
        setcookie("user","", time() - (86400 * 30), "/");
        setcookie("pass","", time() - (86400 * 30), "/");
    }

<form class="form-horizontal" action="" name="login_form" id="login_form" method="post">

          <div class="form-group mt-3">
          <h5 class="mlm">Enter User Id / Email Id</h5>                      <input type="text" class="form-control"  name="username" id="username" data-validetta="required" value="<?php if (isset($_COOKIE['user'])) { echo $_COOKIE['user']; } ?>">
                        </div>
          <div class="form-group">
          <h5 class="mlm">Enter your password</h5> 
                                      <input type="password" class="form-control"   name="password" id="password" data-validetta="required" value="<?php if (isset($_COOKIE['pass'])) { echo $_COOKIE['pass']; } ?>">
                        </div>

                        <div class="row">
                        <div class="col-6"><label class="bis-mark mt-1">
 <input type="checkbox"  name="keep_login" <?php
                                            if (isset($_COOKIE['pass']) && isset($_COOKIE['user'])) {
                                                echo "checked";
                                            }
                                        ?> checked>

Dashboard login page

commented: Deatils posted +0

Firstly, how do you sustain the login session per page refresh? How do you authenticate the user whether the cookie is genuine or not?

I do not know how to answer the question as what you can’t show how you’re doing it. The example code merely shows setting up a cookie for the login.

Assuming if you want to just check the cookie presence to sustain login session on user page refresh. You can just set a short lived cookie.

$cookie_name = ‘login’;
$cookie_value = ‘login’;
setcookie($cookie_name, $cookie_value, time() + 180, "/");

As 30 minutes goes by this cookie will not be able to be accessed and gets deleted by the browser.

However, I must also note that a real application for login and login authentication requires more work to secure access. If you have a user table. That user table also should have an id and a hashed password stored, and your login cookie should be used to compare the ID and the hashed password to sustain a validity check Per page refresh afaik. If not you also need to logout the user as well. Just my 2 cents.

If you need an example, you can download my CMS - https php-fusion dot co dot uk or google for Php-fusion 9. It’s free and open source.

commented: Details posted +0

Hi my problem not solved please see my dashboard and auth page details

dashboard
========================
include_once 'databaseConn.php';
include_once './lib/requestHandler.php';
$DatabaseCo = new DatabaseConn();
include_once './class/Config.class.php';
$configObj = new Config();
include_once 'auth.php';
$mid = $_SESSION['user_id'] ? $_SESSION['user_id'] : '';
=======================================================
auth.php
+++++++++++++++++++++++++++++++++++++
<?php

    if(!isset($_SESSION['user_name']) || (trim($_SESSION['user_id']) == ''))
     {
               echo "<script>window.location='login'</script>";
     }
?>

Hi

I do something similar on my site and logs me out after 30 mins, the script is below if any good to you

<script>
    var t;
    window.onload = resetTimer;
    document.onkeypress = resetTimer;

    function logout()
    {
        alert("You are now logged out.")
        location.href = 'logout.php'
    }
    function resetTimer()
    {
        clearTimeout(t);
        t = setTimeout(logout, 1800000) //logs out in 30 minutes
    }

    function cpassid(id)
    {
        $('input[name="id"]').val(id);

    }
</script>

I have used your script it is good but i am looking for user inactivity timout .

You are setting cookies to be the current timestamp + 86400 * 30. There are 86400 seconds in a day. That means you're setting cookies to expire after 30 days, not 30 minutes. Instead you want to do current timestamp + 60 * 30. That will be 60 seconds * 30, which is 30 minutes.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.