What are the potential pitfalls of using exit popups for automatic logout in PHP?
Potential pitfalls of using exit popups for automatic logout in PHP include the possibility of users bypassing the popup, leading to insecure sessions. To solve this issue, it is recommended to implement server-side session management to handle automatic logout securely.
// Server-side session management for automatic logout
session_start();
// Set session timeout period (e.g. 30 minutes)
$timeout = 1800; // 30 minutes
// Check if user is logged in and session timeout has not expired
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true && time() - $_SESSION['last_activity'] > $timeout) {
// Perform logout actions
session_unset();
session_destroy();
header("Location: login.php");
exit;
}
// Update last activity timestamp
$_SESSION['last_activity'] = time();
Related Questions
- How can PHP be used to iterate through and process input field arrays efficiently for database insertion?
- What are some best practices for handling user selections and storing information in the database based on category choices in PHP?
- What best practice should be followed when appending data to an array in PHP?