The questioner is developed using thinkphp, and relying on its existing functions, it is possible to end the session within a period of time (regardless of whether the user operates or not), but in this case, the experience will definitely be bad
What kind of situation does the industry generally refer to when judging whether a user has performed an operation? 1. The mouse does not move for a while? 2. No mouse click operation?
3...
I can use js to record these operations in cookies, and set the cookie expiration time, but the cookie has expired, how to end the session?
Reply content:
What kind of situation does the industry generally refer to when judging whether a user has performed an operation?
1. The mouse does not move for a while?2. No mouse click operation? 3...
I can use js to record these operations in cookies, and set the cookie expiration time, but the cookie has expired, how to end the session?
Server-side implementation principle: Set a record access timestamp in the user table. When the user logs in, write the current timestamp plus the required interval of inactivity. Each time a page that requires login permission is accessed, first detect the Is the time of the field greater than the current time? If it is greater, it means that the operation is in progress, and the timestamp is added to the time required to exit without operation, and the field is updated again. Or use session instead of database record.
Option 2The front-end implementation principle, using HTML5 storage or cookies, is the same as the first option, but the storage method is changed.
Comparison of plans
The database storage of plan 1 is not suitable in terms of performance. HTML5 is not compatible with lower version browsers, and js will be invalid if cookies are disabled. So session is more appropriate.
What I have done is to automatically log out if there is no operation for 15 minutes after the user logs in. It doesn't focus on whether the mouse is moving or not, it all depends on whether the mouse is clicked or whether the page is refreshed. You can directly delete the
cookie
cookie
to expire. For reference only
Generally, whether there is an operation refers to whether there is an access request. When there is a request, the backend can refresh the cookie and use cookies to control expiration.
You can also combine the two. In short, there are many methods, it depends on how you want to use it.
The session expiration time is configured in php.ini. If no action is taken after the time is exceeded, the cli will
commit suicide
by itself.
Generally, for front-end global event monitoring, AJAX calls a session every time an event is triggered, so that the user session can be kept uninterrupted. Otherwise, it will be released if it is not operated and exceeds the session expiration time in php.ini.
https://github.com/thorst/jqu...
There are callbacks for entering the idle state and reactivating the activation state. When entering the idle state, send an xhr to the server to end the session and you are done
Generally, it is background control and sets the session timeout.
The user's operation time limit is the life cycle of the SESSION. If it is assumed that the session cycle is 24 minutes, if the user logs in at 12:00 and does not perform any operations after 12:24, then the SESSION will be invalid at this time and the operation will be done again. Requesting to log in again, the limit is that the time difference between the two operations cannot exceed 24 minutes. In addition: If the COOKIE expires, then there must be no SESSION login, and the user must be not logged in. PHP's garbage collection mechanism will automatically clean up the SESSION file. If it is a SESSION stored in redis, then redis also has a corresponding method of destroying session data. .