You're right it was just the error message making me think that. Fixed this with: session_start(); $_SESSION['user']['name']=$usrdata['username']; $_SESSION['user']['type']=$usrdata['type']; session_write_close(); //close the session
PHP is interpreted once on page load and has no event structure to capture post-load actions. For something like that, you wouldn't need to worry about security anyways, since the data you're saving is simple "when did my user login to the site" (a timestamp or date, nothing special). If it were me, I would set a cookie (or localstorage, because HTML5 is boss) in either PHP or JS and then use JS to determine when 15 minutes has elapsed. If they disable JS you're out of luck, unless you want to write your app in C/C++/*.NET/Java or something where you can have multi-state apps. Then again, if they disable JS they are paranoid idiots who don't understand the internet, so I wouldn't worry about those users.
Using strictly PHP you could do it, but it would only be able to check if the session was still valid once they refresh the page. If it's half an hour later, and maybe they were working on something before they left, they may lose their work. Personally I hate systems that have this feature, though I do understand why they do it.