put a unix timestamp in the session when they login

every time they hit a page, generate a new timstamp and compare it to the one in the session

if difference is greater than 300 use header to send them to login page with time out message

Yea, but can I get it to redirect them and destroy the session automatically? It seems like otherwise they may continue to fill out the form and not realize they are timed out...
This script does it, but obviously holds up loading the page because the while loop is infinite until 60 seconds.
$timeout = time() + (60);
while (time() <= $timeout) {
if(time() == $timeout) header("Location: http://www.example.com");
}

[edited by: jatar_k at 8:25 pm (utc) on June 3, 2005]
[edit reason] examplified url [/edit]

if you mean while they are sitting filling out the form, then no, not with php

php is a server side language which means they can have that page open for as long as they want and php will know nothing about it until it is sent back to the server.

There may be a javascript soution for this.

actually, you could have a really long meta refresh too, I guess, not really sure why you would want ot do all this though. Why is it so time sensitive?