Hi friend,
Actually, I looked at all the solutions and no doubt they are all great. But just a question:
Is it really necessary for the system to keep the person logged in even if he has not been doing any considerable work? For example, I opened up the site, logged into it, and then I started surfing other sites and didn't look at it for a pretty good amount of time. What happened is that after an hour or so, I logged back in and, boom, I got the message:
Your Session expired : Please log in again
How about time based session expiry?
Next point. Have you heard about heartbeat? I have an idea here, pretty simple: if it is required for the user to remain logged in, i.e. session expiry cannot be used, then what I have thought of is a simple heartbeat. Obviously, one has to do pretty complex programming, as keeping it simple this time will make it vulnerable to easy hacking.
Now, the concept is: while the user is logged in, it will keep sending a heartbeat signal at a particular period that is set so that it balances between the server load and the wait time. (Wait time is: if a user closed the browser and then gets to know about some important notification, he has to re-login, and he used his phone to log in, and it should not show him as already registered on another device.)
Alright, now, what happens is that if the server doesn't receive any heartbeat for the given time, it will clear the user's session.
Well that was just my idea, and I am not sure if it is easy on server load and other parameters etc. But, you can give it a second thought if you like.
Hope that I was of some good help to you. Consider rating my answer. :)
With Regards
Tushar Srivastava
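
The heartbeat expiry described in the answer above, sketched server-side as an added example that is not part of the original post. The class name, the 30-second interval and the three-missed-beats allowance are assumptions; the heartbeat carries the session token so a request naming only the user cannot keep a session alive.

```python
import hmac
import secrets
import time

HEARTBEAT_INTERVAL = 30  # seconds between client heartbeats (assumed value)
MISSED_BEATS_ALLOWED = 3  # beats that may be missed before expiry (assumed value)


class HeartbeatSessions:
    """Hypothetical in-memory store: one live session per user, kept by heartbeats."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._by_user = {}  # user -> (token, time of last heartbeat)

    def _live_entry(self, user):
        entry = self._by_user.get(user)
        if entry is None:
            return None
        if self._clock() - entry[1] > HEARTBEAT_INTERVAL * MISSED_BEATS_ALLOWED:
            del self._by_user[user]  # no heartbeat in time: clear the session
            return None
        return entry

    def login(self, user):
        """Return a fresh token, or None while another device's session is live."""
        if self._live_entry(user) is not None:
            return None
        token = secrets.token_urlsafe(32)
        self._by_user[user] = (token, self._clock())
        return token

    def heartbeat(self, user, token):
        """Refresh the session only when the heartbeat carries its token."""
        entry = self._live_entry(user)
        if entry is None or not hmac.compare_digest(entry[0].encode(), token.encode()):
            return False  # expired, unknown, or forged heartbeat
        self._by_user[user] = (entry[0], self._clock())
        return True

    def sweep(self):
        """Run periodically; returns how many silent sessions were cleared."""
        return sum(self._live_entry(u) is None for u in list(self._by_user))
```

With these values a closed browser blocks a login from a second device for at most 90 seconds, which is the wait time the answer weighs against server load.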