What are the potential pitfalls of using exit popups for automatic logout in PHP?

Potential pitfalls of using exit popups for automatic logout in PHP include the possibility of users bypassing the popup, leading to insecure sessions. To solve this issue, it is recommended to implement server-side session management to handle automatic logout securely.

// Server-side session management for automatic logout
session_start();

// Set session timeout period (e.g. 30 minutes)
$timeout = 1800; // 30 minutes

// Check if user is logged in and session timeout has not expired
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true && time() - $_SESSION['last_activity'] > $timeout) {
    // Perform logout actions
    session_unset();
    session_destroy();
    header("Location: login.php");
    exit;
}

// Update last activity timestamp
$_SESSION['last_activity'] = time();