[Solved- 7 Answers] How to expire a PHP session after 30 minutes?

March 14, 2017 2 Min Read

546 0

PROBLEM :

We need to keep a session alive for 30 minutes and then destroy it?

SOLUTION 1 :

We need to implement our session timeout. The options are(session.gc_maxlifetime and
session.cookie_lifetime)(http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime) are not reliable

.First Option:
session.gc_maxlifetime

session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage’ and cleaned up. Garbage collection occurs during session start.

Second Option:
session.cookie_lifetime

session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

Best solution:

Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:

[pastacode lang=”php” manual=”if%20(isset(%24_SESSION%5B’LAST_ACTIVITY’%5D)%20%26%26%20(time()%20-%20%24_SESSION%5B’LAST_ACTIVITY’%5D%20%3E%201800))%20%7B%0A%20%2F%2F%20last%20request%20was%20more%20than%2030%20minutes%20ago%20%0Asession_unset()%3B%20%2F%2F%20unset%20%24_SESSION%20variable%20for%20the%20run-time%0Asession_destroy()%3B%20%2F%2F%20destroy%20session%20data%20in%20storage%20%7D%0A%24_SESSION%5B’LAST_ACTIVITY’%5D%20%3D%20time()%3B%20%2F%2F%20update%20last%20activity%20time%20stamp%20%0A” message=”php code” highlight=”” provider=”manual”/] [ad type=”banner”]

Updating the session data with every request also changes the session file’s modification date hence, the previous sessions are not removed from the data.
Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:

[pastacode lang=”php” manual=”if%20(!isset(%24_SESSION%5B’CREATED’%5D))%20%7B%20%24_SESSION%5B’CREATED’%5D%20%3D%20time()%3B%20%7D%20%0Aelse%20if%20(time()%20-%20%24_SESSION%5B’CREATED’%5D%20%3E%201800)%20%7B%20%2F%2F%20session%20started%20more%20than%2030%20minutes%20ago%20session_regenerate_id(true)%3B%0A%20%2F%2F%20change%20session%20ID%20for%20the%20current%20session%20and%20invalidate%20old%20session%20ID%0A%20%24_SESSION%5B’CREATED’%5D%20%3D%20time()%3B%20%0A%2F%2F%20update%20creation%20time%20%7D%20%0A” message=”php code” highlight=”” provider=”manual”/]

SOLUTION 2 :

We can particle sessions after a certain lifespan by using the session.gc_maxlifetime( http://uk3.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime)ini setting:

[pastacode lang=”php” manual=”%24_SESSION%5B’example’%5D%20%3D%20array(‘foo’%20%3D%3E%20’bar’%2C%20’registered’%20%3D%3E%20time())%3B%0A%0A%20%2F%2F%20later%20%0A%0Aif%20((time()%20-%20%24_SESSION%5B’example’%5D%5B’registered’%5D)%20%3E%20(60%20*%2030))%0A%20%7B%20%0Aunset(%24_SESSION%5B’example’%5D)%3B%20%0A%7D%20%0A” message=”php code” highlight=”” provider=”manual”/]

SOLUTION 3 :

Is .htaccess file to set the expire time ? Check with the below code:

[pastacode lang=”php” manual=”%3CIfModule%20mod_php5.c%3E%0A%20%23Session%20timeout%20php_value%20session.cookie_lifetime%201800%20php_value%20session.gc_maxlifetime%201800%20%0A%3C%2FIfModule” message=”php code” highlight=”” provider=”manual”/]

SOLUTION 4 :

Here is the another Sample code:

[pastacode lang=”php” manual=”if%20(isSet(%24_SESSION%5B’started’%5D))%0A%7B%20if((mktime()%20-%20%24_SESSION%5B’started’%5D%20-%2060*30)%20%3E%200)%7B%20%0ALogout%2C%20destroy%20session%2C%20etc.%20%0A%7D%20%0A%7D%20%0Aelse%20%0A%7B%20%24_SESSION%5B’started’%5D%20%3D%20mktime()%3B%20%0A%7D%0A” message=”php code” highlight=”” provider=”manual”/]

SOLUTION 5 :

Use the session_set_cookie_params function .

It automatically calls the function before session_start() call.

[pastacode lang=”php” manual=”%24lifetime%20%3D%20strtotime(‘%2B30%20minutes’%2C%200)%3B%20session_set_cookie_params(%24lifetime)%3B%20session_start()%3B%20%0A” message=”php code” highlight=”” provider=”manual”/] [ad type=”banner”]

SOLUTION 6 :

Simply use the below sample code in our include file which loaded in every pages.

[pastacode lang=”php” manual=”%24expiry%20%3D%201800%20%3B%0A%2F%2Fsession%20expiry%20required%20after%2030%20mins%20%0Aif%20(isset(%24_SESSION%5B’LAST’%5D)%20%26%26%20(time()%20-%20%24_SESSION%5B’LAST’%5D%20%3E%20%24expiry))%0A%20%7B%0A%20session_unset()%3B%20%0Asession_destroy()%3B%0A%20%7D%20%0A%24_SESSION%5B’LAST’%5D%20%3D%20time()%3B%20%0A” message=”php code” highlight=”” provider=”manual”/]

SOLUTION 7 :

Store a timestamp in the session

[pastacode lang=”php” manual=”%3C%3Fphp%0A%20%24user%20%3D%20%24_POST%5B’user_name%E2%80%98%5D%0A%20%24pass%20%3D%20%24_POST%5B’user_pass%0Arequire%20(‘db_connection.php’)%3B%20%0A%2F%2F%20Hey%2C%20always%20escape%20input%20if%20necessary!%0A%20%24result%20%3D%20mysql_query(sprintf(%22SELECT%20*%20FROM%20accounts%20WHERE%20user_Name%3D’%25s’%20AND%20user_Pass%3D’%25s’%22%2C%20mysql_real_escape_string(%24user)%2C%20mysql_real_escape_string(%24pass))%3B%20%0Aif(%20mysql_num_rows(%20%24result%20)%20%3E%200)%0A%20%7B%0A%20%24array%20%3D%20mysql_fetch_assoc(%24result)%3B%0A%20session_start()%3B%0A%20%24_SESSION%5B’user_id’%5D%20%3D%20%24user%3B%0A%20%24_SESSION%5B’login_time’%5D%20%3D%20time()%3B%20%0Aheader(%22Location%3Aloggedin.php%22)%3B%0A%20%7D%20%0AElse%0A%20%7B%20header(%22Location%3Alogin.php%22)%3B%20%0A%7D%20%0A%3F%3E%20%0A” message=”php code” highlight=”” provider=”manual”/]

Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)

[pastacode lang=”php” manual=”%3C%3Fphp%20session_start()%3B%0A%20if(%20!isset(%20%24_SESSION%5B’user_id’%5D%20)%20%7C%7C%20time()%20-%20%24_SESSION%5B’login_time’%5D%20%3E%201800)%20%0A%7B%0A%20header(%22Location%3Alogin.php%22)%3B%20%0A%7D%20%0Aelse%20%0A%7B%20%2F%2F%20uncomment%20the%20next%20line%20to%20refresh%20the%20session%2C%20so%20it%20will%20expire%20after%20thirteen%20minutes%20of%20inactivity%2C%20and%20not%20thirteen%20minutes%20after%20login%20%2F%2F%24_SESSION%5B’login_time’%5D%20%3D%20time()%3B%0A%20echo%20(%20%22this%20session%20is%20%22.%20%24_SESSION%5B’user_id’%5D%20)%3B%20%0A%2F%2Fshow%20rest%20of%20the%20page%20and%20all%20other%20content%20%7D%0A%20%3F%3E%20%0A” message=”php code” highlight=”” provider=”manual”/]

Tags:

Expire php session variable after period of time How do I expire a PHP session after 30 minutes?PHP - make session expire after X minutes PHP Expire Session after 5 minutes PHP Session expire after x minutes of inactivity php session expires randomly after a few minutes PHP session expiring after 40 minutes php session variables expire after 30 mins Reference - What does this symbol mean in PHP?Should a PHP session expire after 30 minutes without closing the browser?

[Solved- 7 Answers] How to expire a PHP session after 30 minutes?

Tags:

Wikitechy Editor

Other Articles

[Solved- 4 Answers] how to set select element as readonly

[Solved –10 Answers] How to get the client IP address in PHP

No Comment! Be the first one.

Leave a Reply

Popular Posts

How to Install TWRP Recovery and Root Mi5s & Mi5s Plus

Download Huawei P9 Lite Android Nougat Update [B336]

How to Downgrade Honor 5c from Nougat to Marshmallow

Download ZTE Axon 7 Android 7.1 Nougat Update (MiFavor 4.2)(B13)

Categories

Related Posts

[ Solved -10 Answers] PHP How to enable PHP short tags

nginx error connect to php5-fpm.sock failed (13: Permission denied)

exec() vs system() vs passthru()

Type and hit Enter to search

Type and hit Enter to search

[Solved- 7 Answers] How to expire a PHP session after 30 minutes?

Tags:

Share Article

Other Articles

No Comment! Be the first one.

Leave a Reply

Popular Posts

Categories

Related Posts