cookies PHP session

[Solved- 7 Answers] How to expire a PHP session after 30 minutes?

[Solved- 7 Answers] PHP - How to expire a PHP session after 30 minutes?-We need to keep a session alive for 30 minutes and then destroy it

We need to keep a session alive for 30 minutes and then destroy it?

We need to implement our session timeout. The options are(session.gc_maxlifetime and
session.cookie_lifetime)(http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime) are not reliable

.First Option:
session.gc_maxlifetime

  • session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start.

Second Option:
session.cookie_lifetime

  • session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

Best solution:

  • Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:
php code
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
 // last request was more than 30 minutes ago 
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage }
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp 
  • Updating the session data with every request also changes the session file’s modification date hence, the previous sessions are not removed from the data.
  • Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
php code
if (!isset($_SESSION['CREATED'])) { $_SESSION['CREATED'] = time(); } 
else if (time() - $_SESSION['CREATED'] > 1800) { // session started more than 30 minutes ago session_regenerate_id(true);
 // change session ID for the current session and invalidate old session ID
 $_SESSION['CREATED'] = time(); 
// update creation time } 

We can particle sessions after a certain lifespan by using the session.gc_maxlifetime( http://uk3.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime)ini setting:

php code
$_SESSION['example'] = array('foo' => 'bar', 'registered' => time());

 // later 

if ((time() - $_SESSION['example']['registered']) > (60 * 30))
 { 
unset($_SESSION['example']); 
} 

  • Is .htaccess file to set the expire time ? Check with the below code:
php code
<IfModule mod_php5.c>
 #Session timeout php_value session.cookie_lifetime 1800 php_value session.gc_maxlifetime 1800 
</IfModule

  • Here is the another Sample code:
php code
if (isSet($_SESSION['started']))
{ if((mktime() - $_SESSION['started'] - 60*30) > 0){ 
Logout, destroy session, etc. 
} 
} 
else 
{ $_SESSION['started'] = mktime(); 
}

  • Use the session_set_cookie_params function .
  • It automatically calls the function before session_start() call.
php code
$lifetime = strtotime('+30 minutes', 0); session_set_cookie_params($lifetime); session_start(); 

  • Simply use the below sample code in our include file which loaded in every pages.
php code
$expiry = 1800 ;
//session expiry required after 30 mins 
if (isset($_SESSION['LAST']) && (time() - $_SESSION['LAST'] > $expiry))
 {
 session_unset(); 
session_destroy();
 } 
$_SESSION['LAST'] = time(); 

  • Store a timestamp in the session
php code
<?php
 $user = $_POST['user_name‘]
 $pass = $_POST['user_pass
require ('db_connection.php'); 
// Hey, always escape input if necessary!
 $result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($user), mysql_real_escape_string($pass)); 
if( mysql_num_rows( $result ) > 0)
 {
 $array = mysql_fetch_assoc($result);
 session_start();
 $_SESSION['user_id'] = $user;
 $_SESSION['login_time'] = time(); 
header("Location:loggedin.php");
 } 
Else
 { header("Location:login.php"); 
} 
?> 
  • Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)
php code
<?php session_start();
 if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 1800) 
{
 header("Location:login.php"); 
} 
else 
{ // uncomment the next line to refresh the session, so it will expire after thirteen minutes of inactivity, and not thirteen minutes after login //$_SESSION['login_time'] = time();
 echo ( "this session is ". $_SESSION['user_id'] ); 
//show rest of the page and all other content }
 ?> 
READ  [ Solved -7 Answers ] Why doesn't this code simply print letters A to Z

About the author

Wikitechy Editor

Wikitechy Editor

Wikitechy Founder, Author, International Speaker, and Job Consultant. My role as the CEO of Wikitechy, I help businesses build their next generation digital platforms and help with their product innovation and growth strategy. I'm a frequent speaker at tech conferences and events.

X