I agree with you. The statelessness of the HTTP protocol gives rise to such issues like the ones I'm bringing out right now.

The pages that the users are viewing are practice exams from subjects being offered by a training center. The length they stare on a page is dependent on how fast they can solve the problem. Logging-out is mandatory. However in some unforeseen circumstances like a power failure, I wouldn't want to charge-up those "minutes".

I had once an "unlimited access" scheme, but the problem this brings is that user simply shares his account with another. To addresss this, we agreed to have limited access time for users.

I believe giving the user a 5 min to 10 min penalty for not logging-off properly is still fair. I wouldn't bother if they stay on the same page for two hours since all they can do is to stare on a single page with a single question... and nothing more. To get additional information, they need to navigate to another page.

Then why not rate based on pages viewed? That way you at least have an accurate measurement.

You could load a hidden 0 width frame with a metarefresh to your script. So every 10 seconds that frame reloads telling your server to take 10 seconds off this users account. When the user closes the window then it stop taking time off and if their time runs out you can have the frame reload the whole page telling the user they are out of time. It could even be a slightly visible frame with a counter. Since its all in frames the user realy wont notice or care, just make sure that your page wont load outside the frame or users could just grab the URL to it and skip the timer part.


___________
Eric Hodges