You will have to monitor their session, or period of time between login and logout as well. During a user's session you allow them to keep their "session" status as long as they are active within a certain period of time. The PHP default is 20 minutes. After 20 minutes of no activity you would remove their session and "log them out" by changing their online status.

You may want to have a closer look at PHP Sessions [php.net] and pay particular attention to the garbage collection process. You can use filesystem session management or you can control session management yourself using a database.

"You will have to monitor their session, or period of time between login and logout as well. During a user's session you allow them to keep their "session" status as long as they are active within a certain period of time."

I have been searching for a session oriented way to solve this auto-logout problem for a while. I have not been able to figure it out using that session reference. Could you recommend any resources regarding "monitor their session"? I have found not much info on this topic.
I, too, am searching for a way to log users out if they have closed the browser or just left the room for 12 hours. I thought there must be a way to see which $_SESSION['unique_user_name'] variables are set on the system at any given time, but couldn't figure it out.

not sure if this question is being asked in the wrong way, but when I re-read the first reply after looking into what he suggested (the session garbage collection), I realized that he did not address the actual question, but rather gave a great tip on how to close a user's session if they are gone for a while.
I believe the user wants to store log on and log off times in a database. This would enable you to display, accurately, which users are on the system.
When I asked this question a while back, people suggested 2 things that sounded reasonable.

1) they suggested logging users off if they haven't "done anything" on the system for a while. But this sort of implies that we log every single user action in a database. I don't think that sounds good.

2) they also suggested using onunload() - a javascript function that get's called when a user closes the browser. Sounds great! But when I tried to implement some ajax logoff stuff onunload(), the browser window came back up after closing, ran the logoff script and then closed. That didn't work either. I can;t have the browser coming back after the user tries to close it.

is there a better way to do this?
people tell you to be careful to secure your sessions because they are hackable. So that implies that I should be able to hack my own sessions. Can I get a list of user names who have open sessions? There's all sorts of things I've read that imply that you could do this, but I can't find any actual descriptions of the process.

I was looking through the temporary internet files on my computer and a site that does what I am looking for appears to store the session id in a cookie. Would it be possible to do what I am looking for with cookies? I have never used them before so I am curious.

Thanks for your help!

Would it be possible to do what I am looking for with cookies?

In the scenario you mentioned, you will face the same challenge using cookies as you are facing with sessions.

I believe the key thing is to detect if there is no inactivity for a certain period of time, and then take the last time there was an activity as the log out time. To do that, you will need to update a table with the timestamp of the last activity. Run a function first thing on all the pages to capture the last time the person loaded any of the pages.

But perhaps, there might be a better solution too.

When I go to a site that does this, I log in and take a look at the page source and see

<script language="JavaScript" type="text/javascript">
<!--
var session ="a session id"
var pval ="a 7 digit number"
-->
</script>

there isn't an external file, no function.

I thought of having each page use a time stamp and if that stamp but this site has hundreds of thousands log into it every day, wouldn't that be a tad taxing on the server?