Idle User Logout

Hi, this post is about implementing idle user logout. I have written it using the WordPress DB object. WordPress logins are based on cookies, and the default expiry time is 2 weeks, but WordPress does not provide any built-in functionality for logging out an idle user. I googled a few plugins for it; I think the most popular is “Idle User Logout”. It's really good, but it did not fit my needs. The biggest disadvantage was that it keeps only the user ID and expiry time in user meta in the database, so when a user logs out from one browser, they are logged out on every other machine as well, which most users do not want.

So, to overcome this, I have made a class that works per user session ID. You can set any idle time on it.

The queries are written using the WordPress DB object, but core PHP users can change them to the mysqli extension to use them outside WordPress.

First, you have to add a table to your database.
You can execute the following query, or extend it according to your needs.

CREATE TABLE IF NOT EXISTS `user_sessions` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NOT NULL,
  `session_id` varchar(255) NOT NULL,
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=550 ;

Just put the code below in your WordPress functions.php file. I have kept this class file under ‘wp-content/themes/responsive-child/include/ManageSession.php’.

<?php

/*
 * Class to manage session timeout for a given idle time
 */

class ManageSession {
    public $current_session_id;
    public $current_user_id;
    public $default_idle_time = 600; // idle timeout in seconds

    public function __construct() {
        // WordPress core does not start a PHP session; without one session_id() returns ''
        if ( session_status() === PHP_SESSION_NONE ) {
            session_start();
        }
        $this->current_session_id = session_id();
        $this->current_user_id    = get_current_user_id();
        $this->checkSession();
    }

    /** Function to start a new session */
    public function savesession() {
        global $wpdb;
        // Values are bound with prepare() instead of being interpolated into the SQL string
        $insert = $wpdb->query( $wpdb->prepare(
            "INSERT INTO `user_sessions` (`user_id`, `session_id`, `created_at`) VALUES (%d, %s, NOW())",
            $this->current_user_id,
            $this->current_session_id
        ) );
        if ( false === $insert ) {
            die( "Error in inserting session data" );
        }
    }

    /** Function to update the user session time */
    public function updatesession() {
        global $wpdb;
        $update = $wpdb->query( $wpdb->prepare(
            "UPDATE `user_sessions` SET created_at = NOW() WHERE user_id = %d AND session_id = %s",
            $this->current_user_id,
            $this->current_session_id
        ) );
        if ( false === $update ) {
            die( "Error on updating session data" );
        }
    }

    /** Function to delete all idle user sessions (according to expiry time) */
    public function deleteOldsessions() {
        global $wpdb;
        $delete = $wpdb->query( $wpdb->prepare(
            "DELETE FROM `user_sessions` WHERE DATE_ADD(created_at, INTERVAL %d SECOND) < NOW()",
            $this->default_idle_time
        ) );
        if ( false === $delete ) {
            die( "Error on deleting session data" );
        }
    }

    /** Function to validate a user session time */
    public function checkSession() {
        global $wpdb;
        // Look up the row for this user in this browser session
        $current_user_session_time = $wpdb->get_var( $wpdb->prepare(
            "SELECT created_at FROM `user_sessions` WHERE user_id = %d AND session_id = %s",
            $this->current_user_id,
            $this->current_session_id
        ) );

        if ( $current_user_session_time ) {
            // The row exists: check whether it is older than the idle time
            $timeexpired = $wpdb->get_var( $wpdb->prepare(
                "SELECT created_at FROM `user_sessions` WHERE DATE_ADD(created_at, INTERVAL %d SECOND) < NOW() AND user_id = %d AND session_id = %s",
                $this->default_idle_time,
                $this->current_user_id,
                $this->current_session_id
            ) );

            if ( $timeexpired ) {
                // Idle for too long: clean up and log out this session only
                $this->deleteOldsessions();
                wp_redirect( wp_login_url() . '?idle=1' );
                wp_logout();
                exit();
            } else {
                // Still active: refresh the timestamp
                $this->updatesession();
            }
        } else {
            // First request of this session: purge expired rows and register it
            $this->deleteOldsessions();
            $this->savesession();
        }
    }

}

Using the ManageSession class:

Using it is really easy:

if ( is_user_logged_in() ) { //check if user is already logged in then only call this class
    require_once 'include/ManageSession.php';
    $mng_session = new ManageSession();
}

Note:
Core PHP users can easily use this class and change it accordingly.
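
For core PHP users, here is the same per-session idle check as an added example (not the original class) using PDO prepared statements on in-memory SQLite. The class name `IdleSessionTracker`, the `last_seen` Unix-timestamp column and the composite primary key are assumptions made for the demo, and it needs PHP 8.0 or later.

```php
<?php
// Added example: core-PHP port of the idle check. last_seen is a Unix timestamp
// (assumption) so the demo runs on SQLite without MySQL date functions.

final class IdleSessionTracker {
    public function __construct(private PDO $db, private int $idleSeconds = 600) {
        $db->exec('CREATE TABLE IF NOT EXISTS user_sessions (
            user_id INTEGER NOT NULL, session_id TEXT NOT NULL, last_seen INTEGER NOT NULL,
            PRIMARY KEY (user_id, session_id))');
    }

    /** Returns true if the session is active (and refreshes it), false if it idled out. */
    public function touch(int $userId, string $sessionId, int $now): bool {
        $cutoff = $now - $this->idleSeconds; // rows last seen before this are expired

        $sel = $this->db->prepare(
            'SELECT last_seen FROM user_sessions WHERE user_id = ? AND session_id = ?');
        $sel->execute([$userId, $sessionId]);
        $lastSeen = $sel->fetchColumn(); // false when this session has no row yet

        // Purge every expired row, as deleteOldsessions() does.
        $this->db->prepare('DELETE FROM user_sessions WHERE last_seen < ?')
                 ->execute([$cutoff]);

        if ($lastSeen !== false && (int) $lastSeen < $cutoff) {
            return false; // caller logs out this session; the user's other sessions stay
        }

        // New or still-active session: insert the row or refresh its timestamp.
        $this->db->prepare(
            'REPLACE INTO user_sessions (user_id, session_id, last_seen) VALUES (?, ?, ?)')
                 ->execute([$userId, $sessionId, $now]);
        return true;
    }
}

// Constructed demo: user 7 is logged in from two browsers with different session IDs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$tracker = new IdleSessionTracker($db, 600);
$t0 = 1700000000; // constructed start time

var_dump($tracker->touch(7, 'browser-a', $t0));       // first request from browser A
var_dump($tracker->touch(7, 'browser-b', $t0));       // first request from browser B
var_dump($tracker->touch(7, 'browser-b', $t0 + 500)); // B is active again after 500 s
var_dump($tracker->touch(7, 'browser-a', $t0 + 700)); // A was idle 700 s, past the limit
var_dump($tracker->touch(7, 'browser-b', $t0 + 900)); // B was idle only 400 s
```

In a real application, a `false` return is where you destroy that one session and redirect to the login page, and `$now` comes from `time()`.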