Advanced Search

How to expire a PHP session after X minutes?

/ Published in: PHP
Save to your folder(s)
The best solution is to implement a session timeout on your own. Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
  2.     // last request was more than 30 minutes ago
  3.     session_unset();     // unset $_SESSION variable for the run-time 
  4.     session_destroy();   // destroy session data in storage
  5. }
  6. $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
  7.  
  8. /*
  9. You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
  10. */
  11. if (!isset($_SESSION['CREATED'])) {
  12.     $_SESSION['CREATED'] = time();
  13. } else if (time() - $_SESSION['CREATED'] > 1800) {
  14.     // session started more than 30 minutes ago
  15.     session_regenerate_id(true);    // change session ID for the current session an invalidate old session ID
  16.     $_SESSION['CREATED'] = time();  // update creation time
  17. }
  18.  
  19. //note that session.gc_maxlifetime should be at least equal to the life time of this custom expiration handler (1800 in this example).

URL: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.