cookies PHP session

[Solved- 7 Answers] How to expire a PHP session after 30 minutes?

[Solved- 7 Answers] PHP - How to expire a PHP session after 30 minutes?-We need to keep a session alive for 30 minutes and then destroy it

We need to keep a session alive for 30 minutes and then destroy it?

We need to implement our session timeout. The options are(session.gc_maxlifetime and
session.cookie_lifetime)( are not reliable

.First Option:

  • session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start.

Second Option:

  • session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

Best solution:

  • Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:
php code
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
 // last request was more than 30 minutes ago 
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage }
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp 
  • Updating the session data with every request also changes the session file’s modification date hence, the previous sessions are not removed from the data.
  • Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
php code
if (!isset($_SESSION['CREATED'])) { $_SESSION['CREATED'] = time(); } 
else if (time() - $_SESSION['CREATED'] > 1800) { // session started more than 30 minutes ago session_regenerate_id(true);
 // change session ID for the current session and invalidate old session ID
 $_SESSION['CREATED'] = time(); 
// update creation time } 

We can particle sessions after a certain lifespan by using the session.gc_maxlifetime( setting:

php code
$_SESSION['example'] = array('foo' => 'bar', 'registered' => time());

 // later 

if ((time() - $_SESSION['example']['registered']) > (60 * 30))

  • Is .htaccess file to set the expire time ? Check with the below code:
php code
<IfModule mod_php5.c>
 #Session timeout php_value session.cookie_lifetime 1800 php_value session.gc_maxlifetime 1800 

  • Here is the another Sample code:
php code
if (isSet($_SESSION['started']))
{ if((mktime() - $_SESSION['started'] - 60*30) > 0){ 
Logout, destroy session, etc. 
{ $_SESSION['started'] = mktime(); 

  • Use the session_set_cookie_params function .
  • It automatically calls the function before session_start() call.
php code
$lifetime = strtotime('+30 minutes', 0); session_set_cookie_params($lifetime); session_start(); 

  • Simply use the below sample code in our include file which loaded in every pages.
php code
$expiry = 1800 ;
//session expiry required after 30 mins 
if (isset($_SESSION['LAST']) && (time() - $_SESSION['LAST'] > $expiry))
$_SESSION['LAST'] = time(); 

  • Store a timestamp in the session
php code
 $user = $_POST['user_name‘]
 $pass = $_POST['user_pass
require ('db_connection.php'); 
// Hey, always escape input if necessary!
 $result = mysql_query(sprintf("SELECT * FROM accounts WHERE user_Name='%s' AND user_Pass='%s'", mysql_real_escape_string($user), mysql_real_escape_string($pass)); 
if( mysql_num_rows( $result ) > 0)
 $array = mysql_fetch_assoc($result);
 $_SESSION['user_id'] = $user;
 $_SESSION['login_time'] = time(); 
 { header("Location:login.php"); 
  • Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)
php code
<?php session_start();
 if( !isset( $_SESSION['user_id'] ) || time() - $_SESSION['login_time'] > 1800) 
{ // uncomment the next line to refresh the session, so it will expire after thirteen minutes of inactivity, and not thirteen minutes after login //$_SESSION['login_time'] = time();
 echo ( "this session is ". $_SESSION['user_id'] ); 
//show rest of the page and all other content }
READ  [ Solved -7 Answers ] Why doesn't this code simply print letters A to Z

About the author

Wikitechy Editor

Wikitechy Editor

Wikitechy Founder, Author, International Speaker, and Job Consultant. My role as the CEO of Wikitechy, I help businesses build their next generation digital platforms and help with their product innovation and growth strategy. I'm a frequent speaker at tech conferences and events.