HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

How to Set Automatically logout when user is idle for sometime?

Hello. How to set automatically logout when user is idle for 30mins?

i tried the following but nothing happens

session.gc_maxlifetime = 1400      (24mins)
session.gc_probability = 1
session.gc_divisor = 100

Thank you in advance guys.



  • R_JR_J Ex-Fanboy Munich Admin

    Vanilla doesn't use PHP sessions. You would need to implement that in a custom plugin. I guess you would need to hook into Gdn_CookieIdentity_getIdentity

    Your function would have to check User->DateLastActive and maybe update a custom field (e.g. in UserMeta) DateLastActive, because User->DateLastActive is updated only every 20 minutes

  • Thank you so much @R_J

  • Hi @R_J do you thing, It is possible to apply the code indicated below for inactivity timeout?


  • R_JR_J Ex-Fanboy Munich Admin

    Use the pockets plugin to insert it onto your page and try it out yourself. The problem I see is that you reload the page before the timeout. A reload will set back all timers and so the timeout can never happen

  • R_JR_J Ex-Fanboy Munich Admin

    A Javascript approach can be tricked by the user. Based on the motivation why you are interested in such a timeout that might be okay.

    I personally would hate such a feature and "disable" it for myself with a custom GreaseMonkey script

  • jay3rrrjay3rrr New
    edited November 2019

    Hello @R_J , for privacy concerns. Because i will use the forum site as private/ exclusive to the members only, that's why i need to activate the automatic logout when the session expires. And just in case member open the site to other devices.

    There's a warning in Pockets plugin

    can easily break your site if you make a mistake.

    i'm not advanced user that's why if you have simple idea i will be glad.

    thank you so much,

  • R_JR_J Ex-Fanboy Munich Admin

    Oh, one other point that would speak against a Javascript solution: if any user has the browser window open only for 2 minutes and then closes it, he would never be logged earlier than default vanilla behaviour is.

    If you additionally don't want users to be logged in from two different browsers, you have to find a complete different approach. I think there is a plugin for that last purpose and if I remember correctly x00 is the author

  • jay3rrrjay3rrr New
    edited November 2019

    @R_J and @Kaspar thank you so much guys. I will try it. I hope it works. :)

  • i tested it and not working to version 3.3

  • AoleeAolee Hobbyist & Coder ✭✭

    Pls enable debug and post the error.

  • Hello @Aolee.

    I don't see any error when i start to use the plugin (OneSession) but it's just not working.

    in the plugins description indicates

    It will force users to sign in if they have been logged in elsewhere, a single browser session at one time (apart from admins, who are immune)

    please see the image below:

    (i've been login 1 same non admin account in each different browsers and nothings happen)

Sign In or Register to comment.