Well, there are several ways that jump into my mind how to handle this issue.
One simple way is to keep the date/time in the form of a timestamp saved in your database
for the user. Each time they do any access or press any button or type any text, the timestamp
is updated. You set a time limit and logged them out after that time period. A lot of sites set
this at 20 minutes. For banking and other more secure sites, it is 3 minutes. If a user sits and
stares at the screen for 20 minutes or goes to the store, when they come back and try to do the
next step in what they were doing, the timer has expired and they get switched to a no-access
display page.
Another way would be to write a Javascript/JQuery that keeps a running counter that could be
displayed in the corner somewhere like a count down timer. Once it reaches zero, it moves the
page to the login page. (All login pages should zero out all login session info so that the session
is not active before validating the login info.)
So, since most user-orientated sites access the database after each entry to post the info, the first
way would probably be the simplest and quickest to implement. Since you already write to the DB
with the “post” or whatever is being entered and most buttons access data in the DB, it would be
very simple to just add an “UPDATE” query that changes the user’s timestamp.
Hope that helps.