使用PHP注销非活动用户 [英] Logout an inactive user using PHP

问题描述

我试图在一段时间后将用户从CMS中注销.不活动是指没有单击鼠标或在该键盘上键入过.因此，闲置30分钟后，我的注销功能运行了.

I am trying to log a user out of my CMS after a set amount of time. By inactive I mean has not clicked the mouse or typed on there keyboard. So after 30 minutes of inactivity my log out function is ran.

我正在使用的CMS中已经内置了注销功能-

There is already a log out function built in to the CMS I am using -

<?php
session_start();
if (isset($_SESSION['user_id'])){
    $login = 1;
}else{
    $login = 0;
}

function confirm_logged_in() {
    if (!isset($_SESSION['user_id'])) {
        //redirect
        header("Location: /_cms/login.php?login=0");
    }
}
function logout(){
        $_SESSION = array();
        if(isset($_COOKIE[session_name()])){
            setcookie(session_name(), '', time()-4200, '/');
        }   
        session_destroy();
}

?>

其他人编写了此代码，它可以工作.但是我不知道注销一个不活动的用户所需的确切时间.预设时间是-4200.我要查找的是注销所需的时间，以及是否可以将其更改为我想要的任何时间.有人可以建议吗?

Someone else wrote this code and it works. However I don't know the exact time it takes to log out an inactive user. The preset time is - 4200. What I want to find out is how long that takes to logout and if I can change it to any time I want. Can anyone advise?

推荐答案

-4200只是破坏cookie.通过设置Cookie的过去时间来销毁Cookies.因此，向后设置4200秒与向后1秒一样有效.

The -4200 is just to destroy the cookie. Cookies are destroyed by setting a time in the past for them. So setting 4200 seconds backwards is just as effective as 1 second backwards.

要注销用户，有多种方法.您可以将自己的Cookie设置为上次激活时间(设置用户每次访问页面的时间).在每个脚本的开头都包含一个函数，该函数获取此cookie并检查应包含上次激活时间的值.如果此时间早于允许的非活动时间，则销毁此cookie并销毁会话，如果不是，则将值更新为当前时间.

To logout users there are multiple methods. You can have a your own cookie set with the last active time (set the time every time the user visits a page). At the beginning of each script include a function which gets this cookie and checks the value which should contain the last active time. If this time is older than your allowed inactive time, then destroy this cookie and destroy your session as well, if not, then update the value to the current time.

当然，您还可以在会话本身中存储上次活动时间，这是消除cookie传输和管理开销的更有效的方法.

Of course, you can also store inside the session itself the last active time, which is a much more efficient way removing the overhead of cookie transfer and management.

编辑

以下是用于检查上次活动时间并注销用户的最小代码:

Below is a minimal code to check for the last active time and logout the user:

function login(){
    //check login username/pass etc...
    $_SESSION['last_active_time'] = time();
}

function auth(){
   if($_SESSION['last_active_time'] < (time() - 1800)){ //1800 is 30 minutes (time in seconds)
        logout(); //destroy the session in the logout function
    }
    else{
        $_SESSION['last_active_time'] = time();
    }
   //do some auth related things
}

这是背后的基本逻辑.当然，您将需要实现安全性，检查等其他需要的东西.

That's the basic logic behind this. Of course you would need to implement other stuff you need along with security, checking, etc....

这篇关于使用PHP注销非活动用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！