For the basic logout, it's very easy. Store a session variable which is the "last active time". Initialize it to the current time when the user logs in. Each time a page loads, start the session and check current time against the last active time. If the difference is over the limit, display a message and/or go back to the login screen. If it is not, reset the last active time to the current time. This way you have a timer which is reset on every page load. If no page is loaded for some given amount of time, the timer "expires" and you force a new login. To update the logged in status in the database after a time-based logout, you need a way to know when the user has *not* done something, and that by definition is not going to come from the user themselves. So you have to use a cron job which resets the database flag, there's no way around it. You could store the "last active time" described above in the database in addition to or instead of in the session data to facilitate this. -- Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
