{"id":190,"date":"2017-03-14T07:15:54","date_gmt":"2017-03-14T07:15:54","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=190"},"modified":"2017-10-15T14:13:10","modified_gmt":"2017-10-15T08:43:10","slug":"expire-a-php-session-after-30-minutes","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/expire-a-php-session-after-30-minutes\/","title":{"rendered":"[Solved- 7 Answers] How to expire a PHP session after 30 minutes?"},"content":{"rendered":"<p><label class=\"label label-warning\">PROBLEM :<\/label><\/p>\n<p>We need to keep a session alive for 30 minutes and then destroy it?<\/p>\n<p><label class=\"label label-info\">SOLUTION 1 :<\/label><\/p>\n<p>We need to implement our session timeout. The options are(session.gc_maxlifetime\u00a0and<br \/>\nsession.cookie_lifetime)(http:\/\/php.net\/manual\/en\/session.configuration.php#ini.session.gc-maxlifetime) are not reliable<\/p>\n<p>.<span style=\"color: #800000;\"><strong>First Option:<\/strong><\/span><br \/>\n<strong>session.gc_maxlifetime<\/strong><\/p>\n<ul>\n<li style=\"text-align: left;\">session.gc_maxlifetime\u00a0specifies the number of seconds after which data will be seen as &#8216;garbage&#8217; and cleaned up. Garbage collection occurs during session start.<\/li>\n<\/ul>\n<p><span style=\"color: #ff6600;\"><strong>Second Option:<\/strong><\/span><br \/>\n<strong>session.cookie_lifetime<\/strong><\/p>\n<ul>\n<li>session.cookie_lifetime\u00a0specifies the lifetime of the cookie in seconds which is sent to the browser.<\/li>\n<\/ul>\n<p><span style=\"color: #800080;\"><strong>Best solution:<\/strong><\/span><\/p>\n<ul>\n<li>Use a simple time stamp that denotes the time of the last activity (i.e. request) and update it with every request:<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">if (isset($_SESSION[&#039;LAST_ACTIVITY&#039;]) &amp;&amp; (time() - $_SESSION[&#039;LAST_ACTIVITY&#039;] &gt; 1800)) {<br\/> \/\/ last request was more than 30 minutes ago <br\/>session_unset(); \/\/ unset $_SESSION variable for the run-time<br\/>session_destroy(); \/\/ destroy session data in storage }<br\/>$_SESSION[&#039;LAST_ACTIVITY&#039;] = time(); \/\/ update last activity time stamp <\/code><\/pre> <\/div>\n[ad type=&#8221;banner&#8221;]\n<ul>\n<li>Updating the session data with every request also changes the session file&#8217;s modification date hence, the previous sessions are not removed from the data.<\/li>\n<li>Use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">if (!isset($_SESSION[&#039;CREATED&#039;])) { $_SESSION[&#039;CREATED&#039;] = time(); } <br\/>else if (time() - $_SESSION[&#039;CREATED&#039;] &gt; 1800) { \/\/ session started more than 30 minutes ago session_regenerate_id(true);<br\/> \/\/ change session ID for the current session and invalidate old session ID<br\/> $_SESSION[&#039;CREATED&#039;] = time(); <br\/>\/\/ update creation time } <\/code><\/pre> <\/div>\n<p><label class=\"label label-info\">SOLUTION 2 :<\/label><\/p>\n<p>We can particle sessions after a certain lifespan by using the\u00a0session.gc_maxlifetime( http:\/\/uk3.php.net\/manual\/en\/session.configuration.php#ini.session.gc-maxlifetime)ini setting:<\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">$_SESSION[&#039;example&#039;] = array(&#039;foo&#039; =&gt; &#039;bar&#039;, &#039;registered&#039; =&gt; time());<br\/><br\/> \/\/ later <br\/><br\/>if ((time() - $_SESSION[&#039;example&#039;][&#039;registered&#039;]) &gt; (60 * 30))<br\/> { <br\/>unset($_SESSION[&#039;example&#039;]); <br\/>} <\/code><\/pre> <\/div>\n<p><label class=\"label label-info\">SOLUTION 3 :<\/label><\/p>\n<ul>\n<li>Is .htaccess file to set the expire time ? Check with the below code:<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">&lt;IfModule mod_php5.c&gt;<br\/> #Session timeout php_value session.cookie_lifetime 1800 php_value session.gc_maxlifetime 1800 <br\/>&lt;\/IfModule<\/code><\/pre> <\/div>\n<p><label class=\"label label-info\">SOLUTION 4 :<\/label><\/p>\n<ul>\n<li>Here is the another Sample code:<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">if (isSet($_SESSION[&#039;started&#039;]))<br\/>{ if((mktime() - $_SESSION[&#039;started&#039;] - 60*30) &gt; 0){ <br\/>Logout, destroy session, etc. <br\/>} <br\/>} <br\/>else <br\/>{ $_SESSION[&#039;started&#039;] = mktime(); <br\/>}<\/code><\/pre> <\/div>\n<p><label class=\"label label-info\">SOLUTION 5 :<\/label><\/p>\n<ul>\n<li>Use the session_set_cookie_params function .<\/li>\n<\/ul>\n<ul>\n<li>It automatically calls the function before session_start() call.<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">$lifetime = strtotime(&#039;+30 minutes&#039;, 0); session_set_cookie_params($lifetime); session_start(); <\/code><\/pre> <\/div>\n[ad type=&#8221;banner&#8221;]\n<p><label class=\"label label-info\">SOLUTION 6 :<\/label><\/p>\n<ul>\n<li>Simply use the below sample code in our include file which loaded in every pages.<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">$expiry = 1800 ;<br\/>\/\/session expiry required after 30 mins <br\/>if (isset($_SESSION[&#039;LAST&#039;]) &amp;&amp; (time() - $_SESSION[&#039;LAST&#039;] &gt; $expiry))<br\/> {<br\/> session_unset(); <br\/>session_destroy();<br\/> } <br\/>$_SESSION[&#039;LAST&#039;] = time(); <\/code><\/pre> <\/div>\n<p><label class=\"label label-info\">SOLUTION 7 :<\/label><\/p>\n<ul>\n<li>Store a timestamp in the session<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">&lt;?php<br\/> $user = $_POST[&#039;user_name\u2018]<br\/> $pass = $_POST[&#039;user_pass<br\/>require (&#039;db_connection.php&#039;); <br\/>\/\/ Hey, always escape input if necessary!<br\/> $result = mysql_query(sprintf(&quot;SELECT * FROM accounts WHERE user_Name=&#039;%s&#039; AND user_Pass=&#039;%s&#039;&quot;, mysql_real_escape_string($user), mysql_real_escape_string($pass)); <br\/>if( mysql_num_rows( $result ) &gt; 0)<br\/> {<br\/> $array = mysql_fetch_assoc($result);<br\/> session_start();<br\/> $_SESSION[&#039;user_id&#039;] = $user;<br\/> $_SESSION[&#039;login_time&#039;] = time(); <br\/>header(&quot;Location:loggedin.php&quot;);<br\/> } <br\/>Else<br\/> { header(&quot;Location:login.php&quot;); <br\/>} <br\/>?&gt; <\/code><\/pre> <\/div>\n<ul>\n<li>Now, Check if the timestamp is within the allowed time window (1800 seconds is 30 minutes)<\/li>\n<\/ul>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">php code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">&lt;?php session_start();<br\/> if( !isset( $_SESSION[&#039;user_id&#039;] ) || time() - $_SESSION[&#039;login_time&#039;] &gt; 1800) <br\/>{<br\/> header(&quot;Location:login.php&quot;); <br\/>} <br\/>else <br\/>{ \/\/ uncomment the next line to refresh the session, so it will expire after thirteen minutes of inactivity, and not thirteen minutes after login \/\/$_SESSION[&#039;login_time&#039;] = time();<br\/> echo ( &quot;this session is &quot;. $_SESSION[&#039;user_id&#039;] ); <br\/>\/\/show rest of the page and all other content }<br\/> ?&gt; <\/code><\/pre> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>[Solved- 7 Answers] PHP &#8211; How to expire a PHP session after 30 minutes?-We need to keep a session alive for 30 minutes and then destroy it<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83479,25,83478],"tags":[411,403,405,407,409,412,410,406,404,408],"class_list":["post-190","post","type-post","status-publish","format-standard","hentry","category-cookies","category-php","category-session","tag-expire-php-session-variable-after-period-of-time","tag-how-do-i-expire-a-php-session-after-30-minutes","tag-php-make-session-expire-after-x-minutes","tag-php-expire-session-after-5-minutes","tag-php-session-expire-after-x-minutes-of-inactivity","tag-php-session-expires-randomly-after-a-few-minutes","tag-php-session-expiring-after-40-minutes","tag-php-session-variables-expire-after-30-mins","tag-reference-what-does-this-symbol-mean-in-php","tag-should-a-php-session-expire-after-30-minutes-without-closing-the-browser"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=190"}],"version-history":[{"count":0,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/190\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}