PHP Session Timeout

I create a session when the user logs in like this:

$_SESSION['id'] = $id; 

How can I specify a timeout on this session in X minutes and then execute a function or redirect the page when it reaches X minutes?

EDIT: I forgot to mention that I need a timeout session due to inactivity.

+44
redirect php login timeout session
Jun 18 '10 at 10:13
8 answers

First, save the last time the user made a request:

 <?php $_SESSION['timeout'] = time(); ?> 

In the next request, check how long ago they made their previous request (10 minutes in this example):

    <?php
    if ($_SESSION['timeout'] + 10 * 60 < time()) {
        // session timed out
    } else {
        // session ok
    }
    ?>
+86
Jun 18 '10 at 10:16

When the session expires, the data is no longer present, so something like

    if (!isset($_SESSION['id'])) {
        header("Location: destination.php");
        exit;
    }

will redirect whenever the session is no longer active.

You can set how long a session cookie lives using session.cookie_lifetime:

 ini_set("session.cookie_lifetime","3600"); //an hour 

EDIT: If you are timing out sessions for security reasons (rather than convenience), use the accepted answer; as the comments below show, this is controlled by the client and therefore is not secure. I never thought of it as a security measure.

+41
Jun 18 '10 at 10:15

Just check first whether the session has already been created, and create it if not. Here I set it for only 1 minute.

    <?php
    if (!isset($_SESSION["timeout"])) {
        $_SESSION['timeout'] = time();
    }
    $st = $_SESSION['timeout'] + 60; // session time is 1 minute
    ?>
    <?php
    if (time() < $st) {
        echo 'Session will last 1 minute';
    }
    ?>
+5
Jun 27 2018-12-12T00:
    <script type="text/javascript">
    window.setTimeout("location=('timeout_session.htm');", 900000);
    </script>

Putting this in the header of each page has worked for me while testing the site (the site has not yet been released). The HTML page it leads to ends the session and simply informs the user that they need to log in again. This seems like an easier way than playing with PHP logic. I would like some comments on this idea. Are there any traps in it that I have not seen?

+2
May 29 '13 at 17:42
    <?php
    session_start();
    // isset() avoids an undefined-index notice on the very first request
    if (isset($_SESSION['time']) && time() < $_SESSION['time'] + 10) {
        $_SESSION['time'] = time();
        echo "welcome old user";
    } else {
        session_destroy();
        session_start();
        $_SESSION['time'] = time();
        echo "welcome new user";
    }
    ?>
+1
Sep 30 '13 at 9:37

The Byterbit solution is problematic because:

  • Client-side expiration of a server-side cookie is a security issue.
  • If the expiration timeout set on the server side is less than the timeout set on the client side, the page does not reflect the actual state of the cookie.
  • Even for convenience at the development stage, it will not reflect the correct behavior (in timing) at the release stage.

For cookies, setting expiration through session.cookie_lifetime is the right solution in terms of design and security! You can use session.gc_maxlifetime to end the session.

Expiring the cookie by calling session_destroy can lead to unpredictable results, as it may already have expired.

Making changes to php.ini is also a valid solution, but it makes the expiration global for the whole domain, which may not be what you really want: some pages may prefer to keep some cookies longer than others.

+1
Mar 01 '16 at 19:18
    session_cache_expire(20);
    session_start(); // NEVER FORGET TO START THE SESSION!!!
    $inactive = 1200; // 20 minutes * 60
    if (isset($_SESSION['start'])) {
        $session_life = time() - $_SESSION['start'];
        if ($session_life > $inactive) {
            header("Location: user_logout.php");
            exit; // stop here so the timestamp below is not refreshed
        }
    }
    $_SESSION['start'] = time();
    if ($_SESSION['valid_user'] != true) {
        header('Location: ../....php');
    } else {

source: http://www.daniweb.com/web-development/php/threads/124500

0
Feb 09 2018-12-12T00:
    <?php
    session_start();
    if (!isset($_SESSION['login']) || $_SESSION['login'] != 'ok') {
        header('location: /dashboard.php?login=0');
        exit; // a redirect header alone does not stop the script
    }
    if (isset($_SESSION['last-activity']) && time() - $_SESSION['last-activity'] > 600) {
        // session inactive more than 10 min
        header('location: /logout.php?timeout=1');
        exit;
    }
    $_SESSION['last-activity'] = time(); // update last activity time stamp
    if (!isset($_SESSION['created'])) {
        $_SESSION['created'] = time(); // first request: record creation time
    } elseif (time() - $_SESSION['created'] > 600) {
        // session started more than 10 min ago
        session_regenerate_id(true); // change session id and invalidate old session
        $_SESSION['created'] = time(); // update creation time
    }
    ?>
0
Apr 21 '15 at 21:01
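
A server-side inactivity check that pulls together what the answers above discuss (a timestamp kept in `$_SESSION`, periodic session ID regeneration, and a full teardown on expiry), as an added example that is not code from any answer on this page. The names `IDLE_LIMIT`, `REGEN_INTERVAL`, `check_session`, `end_session` and the `login.php` target are assumptions, and the login code is assumed to set `$_SESSION['created']` and `$_SESSION['last_activity']` together with `$_SESSION['id']`.

```php
<?php
// Added example; all names below are hypothetical, not from the answers on this page.
declare(strict_types=1);

const IDLE_LIMIT     = 600; // seconds of inactivity allowed (10 minutes)
const REGEN_INTERVAL = 600; // rotate the session ID at most this often

// Decide what to do with the session data in $s at time $now.
// Returns 'expired', 'regenerate' or 'ok'; refreshes the timestamps when alive.
function check_session(array &$s, int $now): string
{
    if (!isset($s['id'], $s['created'], $s['last_activity'])) {
        return 'expired'; // not logged in, or state is incomplete
    }
    if ($now - $s['last_activity'] > IDLE_LIMIT) {
        return 'expired'; // idle too long; the server decides, not the cookie
    }
    $s['last_activity'] = $now;
    if ($now - $s['created'] > REGEN_INTERVAL) {
        $s['created'] = $now;
        return 'regenerate';
    }
    return 'ok';
}

// Remove the session data, the client cookie and the server-side record.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Include at the top of every protected page, before any output is sent.
session_start();
switch (check_session($_SESSION, time())) {
    case 'expired':
        end_session();
        header('Location: login.php?timeout=1');
        exit; // without exit the rest of the page would still run
    case 'regenerate':
        session_regenerate_id(true); // new ID, old session file deleted
        break;
}
```

Because the decision is made from timestamps stored on the server, a client that keeps or edits its cookie cannot extend the session past `IDLE_LIMIT`.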