I am doing a project in which, as a requirement, I should log out a user who has been inactive for 1 hour, for example when he leaves the PC or when he does not interact in that tab.
The issue is that right now I have the following PHP code:
// Checking the session
if (!isset($_SESSION['created'])) {
$_SESSION['created'] = time();
} else if (time() - $_SESSION['created'] > 3600) {
// session started more than 1 hour ago
session_regenerate_id(true); // change session ID for the current session and invalidate old session ID
$_SESSION['created'] = time(); // update creation time
logOut();
}
Obviously this code "doesn't work" correctly. Because it removes the user's session 1h after starting it (whether or not it is inactive).
How can I get my code to know that the user has been inactive for 1h so I can logout?
Thanks for everything.
I would do the verification from the client side. You can create a script using JQuery that detects if the user has moved the mouse or pressed a key.