Posted By

fackz on 11/05/13


session expire

Versions (?)

Who likes this?

9 people have marked this snippet as a favorite


How to expire a PHP session after X minutes?

 / Published in: PHP


The best solution is to implement a session timeout on your own. Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:

  1. if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
  2. // last request was more than 30 minutes ago
  3. session_unset(); // unset $_SESSION variable for the run-time
  4. session_destroy(); // destroy session data in storage
  5. }
  6. $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
  8. /*
  9. You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
  10. */
  11. if (!isset($_SESSION['CREATED'])) {
  12. $_SESSION['CREATED'] = time();
  13. } else if (time() - $_SESSION['CREATED'] > 1800) {
  14. // session started more than 30 minutes ago
  15. session_regenerate_id(true); // change session ID for the current session an invalidate old session ID
  16. $_SESSION['CREATED'] = time(); // update creation time
  17. }
  19. //note that session.gc_maxlifetime should be at least equal to the life time of this custom expiration handler (1800 in this example).

Report this snippet  


RSS Icon Subscribe to comments
Posted By: jamessusan104 on August 22, 2017

On the off chance that i have session factors to tell if a client is on the web yet they have left the PC for X minutes, does the session timeout? If not what is a code to make them timeout if no activity(activity=going to different pages and so on)? assignment help service

Posted By: ChristineMeany on January 12, 2018

wow, great) thanks a lot

You need to login to post a comment.