We need to keep a session alive for 30 minutes and then destroy it?
We need to implement our session timeout. The options are(session.gc_maxlifetime and
session.cookie_lifetime)(http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime) are not reliable
- session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start.
- session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.
- Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:
- Updating the session data with every request also changes the session file’s modification date hence, the previous sessions are not removed from the data.
- Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
We can particle sessions after a certain lifespan by using the session.gc_maxlifetime( http://uk3.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime)ini setting:
- Is .htaccess file to set the expire time ? Check with the below code:
- Here is the another Sample code:
- Use the session_set_cookie_params function .
- It automatically calls the function before session_start() call.
- Simply use the below sample code in our include file which loaded in every pages.
- Store a timestamp in the session
- Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)