{"id":190,"date":"2017-03-14T07:15:54","date_gmt":"2017-03-14T07:15:54","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=190"},"modified":"2017-10-15T14:13:10","modified_gmt":"2017-10-15T08:43:10","slug":"expire-a-php-session-after-30-minutes","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/expire-a-php-session-after-30-minutes\/","title":{"rendered":"[Solved- 7 Answers] How to expire a PHP session after 30 minutes?"},"content":{"rendered":"<p><label class=\"label label-warning\">PROBLEM :<\/label><\/p>\n<p>We need to keep a session alive for 30 minutes and then destroy it?<\/p>\n<p><label class=\"label label-info\">SOLUTION 1 :<\/label><\/p>\n<p>We need to implement our session timeout. The options are(session.gc_maxlifetime\u00a0and<br \/>\nsession.cookie_lifetime)(http:\/\/php.net\/manual\/en\/session.configuration.php#ini.session.gc-maxlifetime) are not reliable<\/p>\n<p>.<span style=\"color: #800000;\"><strong>First Option:<\/strong><\/span><br \/>\n<strong>session.gc_maxlifetime<\/strong><\/p>\n<ul>\n<li style=\"text-align: left;\">session.gc_maxlifetime\u00a0specifies the number of seconds after which data will be seen as \u2018garbage\u2019 and cleaned up. Garbage collection occurs during session start.<\/li>\n<\/ul>\n<p><span style=\"color: #ff6600;\"><strong>Second Option:<\/strong><\/span><br \/>\n<strong>session.cookie_lifetime<\/strong><\/p>\n<ul>\n<li>session.cookie_lifetime\u00a0specifies the lifetime of the cookie in seconds which is sent to the browser.<\/li>\n<\/ul>\n<p><span style=\"color: #800080;\"><strong>Best solution:<\/strong><\/span><\/p>\n<ul>\n<li>Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201dif%20(isset(%24_SESSION%5B\u2019LAST_ACTIVITY\u2019%5D)%20%26%26%20(time()%20-%20%24_SESSION%5B\u2019LAST_ACTIVITY\u2019%5D%20%3E%201800))%20%7B%0A%20%2F%2F%20last%20request%20was%20more%20than%2030%20minutes%20ago%20%0Asession_unset()%3B%20%2F%2F%20unset%20%24_SESSION%20variable%20for%20the%20run-time%0Asession_destroy()%3B%20%2F%2F%20destroy%20session%20data%20in%20storage%20%7D%0A%24_SESSION%5B\u2019LAST_ACTIVITY\u2019%5D%20%3D%20time()%3B%20%2F%2F%20update%20last%20activity%20time%20stamp%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n[ad type=\u201dbanner\u201d]\n<ul>\n<li>Updating the session data with every request also changes the session file\u2019s modification date hence, the previous sessions are not removed from the data.<\/li>\n<li>Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201dif%20(!isset(%24_SESSION%5B\u2019CREATED\u2019%5D))%20%7B%20%24_SESSION%5B\u2019CREATED\u2019%5D%20%3D%20time()%3B%20%7D%20%0Aelse%20if%20(time()%20-%20%24_SESSION%5B\u2019CREATED\u2019%5D%20%3E%201800)%20%7B%20%2F%2F%20session%20started%20more%20than%2030%20minutes%20ago%20session_regenerate_id(true)%3B%0A%20%2F%2F%20change%20session%20ID%20for%20the%20current%20session%20and%20invalidate%20old%20session%20ID%0A%20%24_SESSION%5B\u2019CREATED\u2019%5D%20%3D%20time()%3B%20%0A%2F%2F%20update%20creation%20time%20%7D%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><label class=\"label label-info\">SOLUTION 2 :<\/label><\/p>\n<p>We can particle sessions after a certain lifespan by using the\u00a0session.gc_maxlifetime( http:\/\/uk3.php.net\/manual\/en\/session.configuration.php#ini.session.gc-maxlifetime)ini setting:<\/p>\n[pastacode lang=\u201dphp\u201d manual=\u201d%24_SESSION%5B\u2019example\u2019%5D%20%3D%20array(\u2018foo\u2019%20%3D%3E%20\u2019bar\u2019%2C%20\u2019registered\u2019%20%3D%3E%20time())%3B%0A%0A%20%2F%2F%20later%20%0A%0Aif%20((time()%20-%20%24_SESSION%5B\u2019example\u2019%5D%5B\u2019registered\u2019%5D)%20%3E%20(60%20*%2030))%0A%20%7B%20%0Aunset(%24_SESSION%5B\u2019example\u2019%5D)%3B%20%0A%7D%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><label class=\"label label-info\">SOLUTION 3 :<\/label><\/p>\n<ul>\n<li>Is .htaccess file to set the expire time ? Check with the below code:<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201d%3CIfModule%20mod_php5.c%3E%0A%20%23Session%20timeout%20php_value%20session.cookie_lifetime%201800%20php_value%20session.gc_maxlifetime%201800%20%0A%3C%2FIfModule\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><label class=\"label label-info\">SOLUTION 4 :<\/label><\/p>\n<ul>\n<li>Here is the another Sample code:<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201dif%20(isSet(%24_SESSION%5B\u2019started\u2019%5D))%0A%7B%20if((mktime()%20-%20%24_SESSION%5B\u2019started\u2019%5D%20-%2060*30)%20%3E%200)%7B%20%0ALogout%2C%20destroy%20session%2C%20etc.%20%0A%7D%20%0A%7D%20%0Aelse%20%0A%7B%20%24_SESSION%5B\u2019started\u2019%5D%20%3D%20mktime()%3B%20%0A%7D%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><label class=\"label label-info\">SOLUTION 5 :<\/label><\/p>\n<ul>\n<li>Use the session_set_cookie_params function .<\/li>\n<\/ul>\n<ul>\n<li>It automatically calls the function before session_start() call.<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201d%24lifetime%20%3D%20strtotime(\u2018%2B30%20minutes\u2019%2C%200)%3B%20session_set_cookie_params(%24lifetime)%3B%20session_start()%3B%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n[ad type=\u201dbanner\u201d]\n<p><label class=\"label label-info\">SOLUTION 6 :<\/label><\/p>\n<ul>\n<li>Simply use the below sample code in our include file which loaded in every pages.<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201d%24expiry%20%3D%201800%20%3B%0A%2F%2Fsession%20expiry%20required%20after%2030%20mins%20%0Aif%20(isset(%24_SESSION%5B\u2019LAST\u2019%5D)%20%26%26%20(time()%20-%20%24_SESSION%5B\u2019LAST\u2019%5D%20%3E%20%24expiry))%0A%20%7B%0A%20session_unset()%3B%20%0Asession_destroy()%3B%0A%20%7D%20%0A%24_SESSION%5B\u2019LAST\u2019%5D%20%3D%20time()%3B%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><label class=\"label label-info\">SOLUTION 7 :<\/label><\/p>\n<ul>\n<li>Store a timestamp in the session<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201d%3C%3Fphp%0A%20%24user%20%3D%20%24_POST%5B\u2019user_name%E2%80%98%5D%0A%20%24pass%20%3D%20%24_POST%5B\u2019user_pass%0Arequire%20(\u2018db_connection.php\u2019)%3B%20%0A%2F%2F%20Hey%2C%20always%20escape%20input%20if%20necessary!%0A%20%24result%20%3D%20mysql_query(sprintf(%22SELECT%20*%20FROM%20accounts%20WHERE%20user_Name%3D\u2019%25s\u2019%20AND%20user_Pass%3D\u2019%25s\u2019%22%2C%20mysql_real_escape_string(%24user)%2C%20mysql_real_escape_string(%24pass))%3B%20%0Aif(%20mysql_num_rows(%20%24result%20)%20%3E%200)%0A%20%7B%0A%20%24array%20%3D%20mysql_fetch_assoc(%24result)%3B%0A%20session_start()%3B%0A%20%24_SESSION%5B\u2019user_id\u2019%5D%20%3D%20%24user%3B%0A%20%24_SESSION%5B\u2019login_time\u2019%5D%20%3D%20time()%3B%20%0Aheader(%22Location%3Aloggedin.php%22)%3B%0A%20%7D%20%0AElse%0A%20%7B%20header(%22Location%3Alogin.php%22)%3B%20%0A%7D%20%0A%3F%3E%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<ul>\n<li>Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)<\/li>\n<\/ul>\n[pastacode lang=\u201dphp\u201d manual=\u201d%3C%3Fphp%20session_start()%3B%0A%20if(%20!isset(%20%24_SESSION%5B\u2019user_id\u2019%5D%20)%20%7C%7C%20time()%20-%20%24_SESSION%5B\u2019login_time\u2019%5D%20%3E%201800)%20%0A%7B%0A%20header(%22Location%3Alogin.php%22)%3B%20%0A%7D%20%0Aelse%20%0A%7B%20%2F%2F%20uncomment%20the%20next%20line%20to%20refresh%20the%20session%2C%20so%20it%20will%20expire%20after%20thirteen%20minutes%20of%20inactivity%2C%20and%20not%20thirteen%20minutes%20after%20login%20%2F%2F%24_SESSION%5B\u2019login_time\u2019%5D%20%3D%20time()%3B%0A%20echo%20(%20%22this%20session%20is%20%22.%20%24_SESSION%5B\u2019user_id\u2019%5D%20)%3B%20%0A%2F%2Fshow%20rest%20of%20the%20page%20and%20all%20other%20content%20%7D%0A%20%3F%3E%20%0A\u201d message=\u201dphp code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n","protected":false},"excerpt":{"rendered":"<p>[Solved- 7 Answers] PHP &#8211; How to expire a PHP session after 30 minutes?-We need to keep a session alive for 30 minutes and then destroy it<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83479,25,83478],"tags":[411,403,405,407,409,412,410,406,404,408],"class_list":["post-190","post","type-post","status-publish","format-standard","hentry","category-cookies","category-php","category-session","tag-expire-php-session-variable-after-period-of-time","tag-how-do-i-expire-a-php-session-after-30-minutes","tag-php-make-session-expire-after-x-minutes","tag-php-expire-session-after-5-minutes","tag-php-session-expire-after-x-minutes-of-inactivity","tag-php-session-expires-randomly-after-a-few-minutes","tag-php-session-expiring-after-40-minutes","tag-php-session-variables-expire-after-30-mins","tag-reference-what-does-this-symbol-mean-in-php","tag-should-a-php-session-expire-after-30-minutes-without-closing-the-browser"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=190"}],"version-history":[{"count":0,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/190\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}