"say, if the browser is idle for 15 mins, then it automatically redirect
to the admin/logout, where admin is my controller name, logout is the
method name."
To get it to only log them off if the browser has been idle for 15
minutes you could create a javascript listener. The easiest way would be
to detect mouse movement, key presses, clicks and supplement that with
an onunload listener so all bases are covered. When time runs out, the
page is automatically redirected and the session reset. When the page
unloads, the server is notified. The server will then store an attribute
in their session specifying when they became inactive. Depending on
whether or not you are using the cookie session store, you might want to
store this info in the database rather than in the session store just
because there is a remote possibility of a replay attack. If the user
reloads any page more than 15 minutes after the last activity, the
session will reset.
Here is the code (it assumes you are using prototype):
// idle.js
// portions adapted from
http://www.andrewsellick.com/67/simple-javascript-idle-state-using-//prototype
// 15 min in ms
var idleTime = 900000;
var timeOut = ”;
function init() {
new Ajax.Request('/login/inactivity?action=check',
{asynchronous:true, evalScripts:true});
Event.observe(document.body, ‘mousemove’, resetIdle, true);
Event.observe(document.body, ‘click’, resetIdle, true);
Event.observe(document.body, ‘keypress’, resetIdle, true);
setIdle();
}
function onIdleFunction(){
new Ajax.Request('/login/logout?rsn=inactivity', {asynchronous:true,
onComplete:function(){document.location.href='/login'}});
}
function resetIdle(){
window.clearTimeout( timeOut );
setIdle();
}
function setIdle(){
timeOut = window.setTimeout( "onIdleFunction()", idleTime );
}
function unloadReport() {
new Ajax.Request('/login/inactivity?action=set', {asynchronous:true});
}
Event.observe(window, ‘load’, init, false);
Event.observe(window, ‘unload’, unloadReport, false);
Controller code will follow in the next post