如果浏览器关闭,PHP Autologout功能无法正常工作
I am aware that similar questions have been asked, but none seem to have a good solution. I have a auto logout function ( see below).
However if the tab/browser is closed, the session is never destroyed, and more importantly the DB table tblTimeLog is not updated.
What I want to do is for the "timer to keep running" even tho the browser or tab is closed. Any suggestions on how to achieve this?
Auto logout function:
<?
session_start();
// set timeout period in seconds
$idleTime = 2400;
header("refresh: 2400");
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $idleTime) {
$db->Execute("UPDATE tblTimeLog SET LogoutTime = NOW() WHERE sid ='".session_id()."'".$row['konsulentid'].'');
session_destroy();
header("Location: login.php?loggut");
exit();
}
}
$_SESSION['timeout'] = time();
?>
我知道已经提出了类似的问题,但似乎都没有一个好的解决方案。 我有一个自动注销功能(见下文)。 p>
但是,如果选项卡/浏览器关闭,会话永远不会被销毁,更重要的是DB表 我想要做的是“定时器继续运行”,即使浏览器或标签已关闭。 有关如何实现此目的的任何建议吗? p>
自动注销功能: p>
tblTimeLog code>不会更新。 p>
&lt;?
session_start();
/ /设置超时时间(秒)
$ idleTime = 2400;
header(“refresh:2400”);
//检查$ _SESSION ['timeout']是否设置为
if(isset($ _ SESSION [ 'timeout'])){
$ session_life = time() - $ _SESSION ['timeout'];
if($ session_life&gt; $ idleTime){
$ db-&gt; Execute(“UPDATE tblTimeLog SET LogoutTime = NOW()WHERE sid ='“。session_id()。”'“。$ row ['konsulentid']。'');
session_destroy();
header(“Location:login.php?loggut”);
exit();
}
}
$ _SESSION ['timeout'] = time();
?&gt;
code> pre>
div>
Your issue is that the auto-logout only takes effect upon a request to your server.
You want your system to log users out regardless of whether they're still making requests or not.
One simple solution would be to set up a cron job to call a PHP script every minute or so. Have the script loop through all users, and log them out if necessary. This would require you to additionally store the last time they made a request in the database, as that's currently stored in a session that you would not have access to in a different script.
Alternatively, on a successful (logged in) request, you could schedule a script to log the user out. On each subsequent request, cancel that scheduled execution and schedule another.
Which solution you choose will depend on your exact system. Weigh up the pros and cons of each. The first might not be suitable, for example, because it will run all the time regardless of whether anyone is actually logged in.
IMO a reasonable solution is to have a cron job that periodically goes through all sessions in tblTimeLog table and updates the table's LogoutTime if timeout occured. Next time, if client with session id that got logged out by the cron script connects again, you destroy the session cookie. This would only require storing in the DB session expiration time.