How do I expire a PHP session after 30 minutes

Question

I need to keep a session alive for 30 minutes and then destroy it

User · Answer

Just Store the current time and If it exceeds 30 minutes by comparing then destroy the current session

User · Answer

if  isSet   SESSION  started          if  mktime   -   SESSION  started   - 60 30   gt  0             Logout  destroy session  etc          else         SESSION  started     mktime

User · Answer

Store a timestamp in the session     lt  php      user     POST  user name     pass     POST  user pass     require   db connection php        Hey  always escape input if necessary   result   mysql query sprintf  SELECT   FROM accounts WHERE user Name   s  AND user Pass   s    mysql real escape string  user   mysql real escape string  pass     if  mysql num rows   result    gt  0         array   mysql fetch assoc  result            session start          SESSION  user id      user        SESSION  login time     time        header  Location loggedin php                  else       header  Location login php        gt    Now  Check if the timestamp is within the allowed time window  1800 seconds is 30 minutes    lt  php session start    if   isset    SESSION  user id        time   -   SESSION  login time    gt  1800        header  Location login php      else          uncomment the next line to refresh the session  so it will expire after thirteen minutes of inactivity  and not thirteen minutes after login         SESSION  login time     time        echo    this session is      SESSION  user id            show rest of the page and all other content     gt

User · Answer

This post shows a couple of ways of controlling the session timeout  http   bytes com topic php insights 889606-setting-timeout-php-sessions  IMHO the second option is a nice solution    lt  php         Starts a session with a specific timeout and a specific GC probability      param int  timeout The number of seconds until it should time out      param int  probability The probablity  in int percentage  that the garbage            collection routine will be triggered right now      param strint  cookie domain The domain path for the cookie      function session start timeout  timeout 5   probability 100   cookie domain               Set the max lifetime     ini set  session gc maxlifetime    timeout           Set the session cookie to timout     ini set  session cookie lifetime    timeout           Change the save path  Sessions stored in teh same path        all share the same lifetime  the lowest lifetime will be        used for all  Therefore  for this to work  the session        must be stored in a directory where only sessions sharing        it s lifetime are  Best to just dynamically create on       seperator   strstr strtoupper substr PHP OS  0  3     WIN                      path   ini get  session save path      seperator    session      timeout    sec       if  file exists  path             if  mkdir  path  600                 trigger error  Failed to create session save path directory   path   Check permissions    E USER ERROR                       ini set  session save path    path           Set the chance to trigger the garbage collection      ini set  session gc probability    probability       ini set  session gc divisor   100      Should always be 100         Start the session      session start            Renew the time left until this session times out         If you skip this  the session will time out based        on the time when it was created  rather than when        it was last used      if isset   COOKIE session name                setcookie session name      COOKIE session name     time      timeout   cookie domain

User · Answer

How PHP handles sessions is quite confusing for beginners to understand  This might help them by giving an overview of how sessions work  how sessions work custom-session-handlers

User · Answer

Well i understand the aboves answers are correct but they are on application level  why don t we simply use  htaccess file to set the expire time     lt IfModule mod php5 c gt       Session timeout     php value session cookie lifetime 1800     php value session gc maxlifetime 1800  lt  IfModule gt

User · Answer

It s actually easy with a function like the following  It uses database table name  sessions  with fields  id  and  time    Every time when the user visits your site or service again you should invoke this function to check if its return value is TRUE  If it s FALSE the user has expired and the session will be destroyed  Note  This function uses a database class to connect and query the database  of course you could also do it inside your function or something like that    function session timeout ok         global  db       timeout   SESSION TIMEOUT    const  e g  6   60 for 6 minutes      ok   false       session id   session id         sql    SELECT time FROM sessions WHERE session id       session id           rows    db- gt query  sql       if   rows     false              Timestamp could not be read          ok   FALSE            else             Timestamp was read succesfully         if  count  rows   gt  0                 zeile    rows 0                time past    zeile  time                if    timeout    time past  lt  time                         Time has expired                 session destroy                     sql    DELETE FROM sessions WHERE session id         session id                         affected    db - gt  query  sql                    ok   FALSE                            else                     Time is okay                  ok   TRUE                   sql    UPDATE sessions SET time      time        WHERE session id         session id                         erg    db - gt  query  sql                   if   erg    false                          DB error                                                   else                 Session is new  write it to database table sessions              sql    INSERT INTO sessions session id time  VALUES      session id       time                      res    db- gt query  sql               if   res     FALSE                      Database error                  ok   false                             ok   true                    return  ok            return  ok

User · Answer

Using timestamp      lt  php if   isset   SESSION          session   session start       if   session  amp  amp   isset   SESSION  login time           if   session    1              SESSION  login time   time            echo  Login      SESSION  login time            echo   lt br gt              SESSION  idle time     SESSION  login time   20          echo  Session Idle      SESSION  idle time            echo   lt br gt          else            SESSION  login time               else       if  time   gt   SESSION  idle time             echo  Session Idle      SESSION  idle time            echo   lt br gt            echo  Current    time            echo   lt br gt            echo  Session Time Out           session destroy            session unset          else           echo  Logged In lt br gt              gt      I have used 20 seconds to expire the session using timestamp    If you need 30 min add 1800  30 min in seconds

User · Answer

You should implement a session timeout of your own  Both options mentioned by others  session gc maxlifetime and session cookie lifetime  are not reliable  I ll explain the reasons for that   First      session gc maxlifetime   session gc maxlifetime specifies the number of seconds after which data will be seen as  garbage  and cleaned up  Garbage collection occurs during session start    But the garbage collector is only started with a probability of session gc probability divided by session gc divisor  And using the default values for those options  1 and 100 respectively   the chance is only at 1    Well  you could simply adjust these values so that the garbage collector is started more often  But when the garbage collector is started  it will check the validity for every registered session  And that is cost-intensive   Furthermore  when using PHP s default session save handler files  the session data is stored in files in a path specified in session save path  With that session handler  the age of the session data is calculated on the file s last modification date and not the last access date      Note  If you are using the default file-based session handler  your filesystem must keep track of access times  atime   Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other filesystem where atime tracking is not available  Since PHP 4 2 3 it has used mtime  modified date  instead of atime  So  you won t have problems with filesystems where atime tracking is not available    So it additionally might occur that a session data file is deleted while the session itself is still considered as valid because the session data was not updated recently   And second      session cookie lifetime   session cookie lifetime specifies the lifetime of the cookie in seconds which is sent to the browser          Yes  that s right  This only affects the cookie lifetime and the session itself may still be valid  But it s the server s task to invalidate a session  not the client  So this doesn t help anything  In fact  having session cookie lifetime set to 0 would make the session   s cookie a real session cookie that is only valid until the browser is closed   Conclusion   best solution   The best solution is to implement a session timeout of your own  Use a simple time stamp that denotes the time of the last activity  i e  request  and update it with every request   if  isset   SESSION  LAST ACTIVITY     amp  amp   time   -   SESSION  LAST ACTIVITY    gt  1800            last request was more than 30 minutes ago     session unset           unset   SESSION variable for the run-time      session destroy         destroy session data in storage     SESSION  LAST ACTIVITY     time       update last activity time stamp   Updating the session data with every request also changes the session file s modification date so that the session is not removed by the garbage collector prematurely   You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation   if   isset   SESSION  CREATED             SESSION  CREATED     time      else if  time   -   SESSION  CREATED    gt  1800           session started more than 30 minutes ago     session regenerate id true         change session ID for the current session and invalidate old session ID       SESSION  CREATED     time        update creation time     Notes    session gc maxlifetime should be at least equal to the lifetime of this custom expiration handler  1800 in this example   if you want to expire the session after 30 minutes of activity instead of after 30 minutes since start  you ll also need to use setcookie with an expire of time   60 30 to keep the session cookie active

User · Answer

Simple way of PHP session expiry in 30 minutes   Note   if you want to change the time  just change the 30 with your desired time and do not change   60  this will gives the minutes     In minutes    30   60   In days    n   24   60   60   n   no of days      Login php   lt  php     session start      gt    lt html gt       lt form name  form1  method  post  gt           lt table gt               lt tr gt                   lt td gt Username lt  td gt                   lt td gt  lt input type  text  name  text  gt  lt  td gt               lt  tr gt               lt tr gt                   lt td gt Password lt  td gt                   lt td gt  lt input type  password  name  pwd  gt  lt  td gt               lt  tr gt               lt tr gt                   lt td gt  lt input type  submit  value  SignIn  name  submit  gt  lt  td gt               lt  tr gt           lt  table gt       lt  form gt   lt  html gt    lt  php     if  isset   POST  submit                v1    FirstUser            v2    MyPassword            v3     POST  text             v4     POST  pwd            if   v1     v3  amp  amp   v2     v4                  SESSION  luser      v1                SESSION  start     time       Taking now logged in time                 Ending a session in 30 minutes from the starting time                SESSION  expire       SESSION  start      30   60               header  Location  http   localhost somefolder homepage php              else               echo  Please enter the username or password again                      gt    HomePage php   lt  php     session start         if   isset   SESSION  luser               echo  Please Login again           echo   lt a href  http   localhost somefolder login php  gt Click Here to Login lt  a gt              else            now   time       Checking the time now when home page starts           if   now  gt    SESSION  expire                  session destroy                echo  Your session has expired   lt a href  http   localhost somefolder login php  gt Login here lt  a gt                      else     Starting this else one  else1    gt               lt  -- From here all HTML coding can be done -- gt               lt html gt                  Welcome                  lt  php                     echo   SESSION  luser                        echo   lt a href  http   localhost somefolder logout php  gt Log out lt  a gt                      gt               lt  html gt   lt  php                   gt    LogOut php   lt  php     session start        session destroy        header  Location  http   localhost somefolder login php      gt

User · Answer

Is this to log the user out after a set time  Setting the session creation time  or an expiry time  when it is registered  and then checking that on each page load could handle that   E g      SESSION  example     array  foo    gt   bar    registered    gt  time         later  if   time   -   SESSION  example    registered     gt   60   30         unset   SESSION  example         Edit  I ve got a feeling you mean something else though   You can scrap sessions after a certain lifespan by using the session gc maxlifetime ini setting   Edit      ini set  session gc maxlifetime   60 30

User · Answer

This was an eye-opener for me  what Christopher Kramer wrote in 2014 on https   www php net manual en session configuration php 115842  On debian  based  systems  changing session gc maxlifetime at runtime has no real effect  Debian disables PHP s own garbage collector by setting session gc probability 0  Instead it has a cronjob running every 30 minutes  see  etc cron d php5  that cleans up old sessions  This cronjob basically looks into your php ini and uses the value of session gc maxlifetime there to decide which sessions to clean  see  usr lib php5 maxlifetime

User · Answer

You can straight use a DB to do it as an alternative  I use a DB function to do it that I call chk lgn    Check login checks to see if they are logged in or not and  in doing so  it sets the date time stamp of the check as last active in the user s db row column   I also do the time check there  This works for me for the moment as I use this function for every page    P S  No one I had seen had suggested a pure DB solution

User · Answer

Use this class for 30 min  class Session      public static function init            ini set  session gc maxlifetime   1800            session start              public static function set  key   val             SESSION  key    val            public static function get  key           if isset   SESSION  key                 return   SESSION  key             else              return false                      public static function checkSession            self  init            if self  get  adminlogin    false               self  destroy                header  Location login php                        public static function checkLogin            self  init            if self  get  adminlogin    true               header  Location index php                        public static function destroy            session destroy            header  Location login php

User · Answer

Use the session set cookie paramsfunciton for make this   Is necessary calling this function before session start   call   Try this    lifetime   strtotime   30 minutes   0    session set cookie params  lifetime    session start      See more in  http   php net manual function session-set-cookie-params php

User · Answer

Please use following block of code in your include file which loaded in every pages    expiry   1800    session expiry required after 30 mins     if  isset   SESSION  LAST     amp  amp   time   -   SESSION  LAST    gt   expiry             session unset            session destroy                SESSION  LAST     time

[php] How do I expire a PHP session after 30 minutes?

Examples related to php

Examples related to session

Examples related to cookies