@foekall
This is difficult because there is no reliable way to *know* when someone logs out. Sure, they may use a 'logout' facility on your application, but they may also -- and this is much more likely -- just close the browser, and, if they do, then you (the application) are left unaware.
There is a way to overcome this, although, again, it is not perfect nor precise.
When a user (admin) logs in, you update a flag (logged_in) in your database to
true. You also log the
datetime of the log in (see datetime - mysql). If a user decides to use the logout facility, update the database flag to reflect this.
Now onto the 'knowing when a user is logged out'.
Everytime your admin account performs an action (deletes record, creates record, etc), you update the
datetime column to the current
datetime. Now we have a general understanding of the admin accounts last activity.
When a user attempts to login as admin, you first check if there is someone already logged in (logged_in). If there is, you compare the last activity time to the current time. You then decide how long someone should have remained inactive before being flagged as logged out. If the last activity time is greater than the specified time, allow the person attempting to log in that priviledge.
Any questions?