I am a web developer who has just had PHP thrust upon me. I have created a login-protected site and have put a timeout script on each page which redirects the user back to the login page if they have left the site idle for a certain period of time. In Opera and Safari it works great but in Firefox the login page still has the login credentials in the text fields, so anyone could just press "login" and log right back into the site, which sort of defeats the purpose. Exhaustive Google searches have turned up nothing.
Any advice is much appreciated!
The timeout code I'm using is:
$inactive = 200;
if(isset($_SESSION) ) {
$session_life = time() - $_SESSION;
if($session_life > $inactive){
header("location: http://www.fakedomain.com/index.php");
}
}
$_SESSION = time();