Session - set timeout

richo
Forum Commoner
Posts: 58
Joined: Sun Aug 06, 2006 11:56 am

Post by richo »

I am using a session to stop people bypassing the login page. However, I would like to set the session to expire after say 10 minutes of inactivity by the user to add extra security.

Any pointers?

At the moment, all my session does is this: (I only have one set username and password).

session_start();
if (! isset($_SESSION['seshname'])) {
    header('Location: login.php');
    exit; // stop here so the protected page is not rendered after the redirect
}
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Store the last page request time in the session. It doesn't exist, boot'em. It's too old, boot'em.
richo
Forum Commoner
Posts: 58
Joined: Sun Aug 06, 2006 11:56 am

Post by richo »

So you have to do like a time stamp?
themurph
Forum Commoner
Posts: 76
Joined: Wed Apr 19, 2006 1:56 pm

Post by themurph »

Depending on how you manage your sessions, a quick fix might simply be to set your session.gc_maxlifetime in the php.ini file.

or do an ini_set():

Code: Select all

<?php 

// default is 1440, which is 24 minutes 
ini_set("session.gc_maxlifetime","1440"); 

?>
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Post by toasty2 »

Every page request you could write the current time to a session variable, then on the next page request check how much time has passed since the last page request, then delete the session if it's been too long.

Edit: Like feyd said.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

If you want a 10 minute window, do it code-side like Feyd said. When you set your session vars on login, set a session var that houses the time it is now...

Code: Select all

<?php
$_SESSION['activity_time'] = time();
?>
Then on your subsequent pages, check to see if 'activity_time' is within 10 minutes...

Code: Select all

<?php
if ( isset($_SESSION['activity_time']) )
{
    if ( time() - $_SESSION['activity_time'] < 600 )
    {
        // Reset activity time to time() because it hasn't been 10 minutes
        $_SESSION['activity_time'] = time();
    }
    else
    {
        header('Location: http://www.mysite.com/logout.php');
        exit; // stop the rest of the protected page from running
    }
}
else
{
    header('Location: http://www.mysite.com/logout.php');
    exit;
}
?>
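
Added example, not part of the original thread or any poster's code: the timestamp approach from the posts above written as a reusable guard that also destroys the session server-side, since `session.gc_maxlifetime` only sets when garbage collection may delete session data and is not a strict per-user timeout. The function names `idle_state`, `end_session` and `require_active_session` are hypothetical; `activity_time` and `login.php` are taken from the thread.

```php
<?php
// Added example: idle-timeout guard. Function names are illustrative;
// the 'activity_time' key and login.php come from the thread.
declare(strict_types=1);

const MAX_IDLE_SECONDS = 600; // the 10-minute window asked for in the thread

/** Classify a session array as 'missing', 'expired' or 'active'. */
function idle_state(array $session, int $now, int $maxIdle = MAX_IDLE_SECONDS): string
{
    $last = $session['activity_time'] ?? null;
    if (!is_int($last) || $last > $now) {
        return 'missing';            // absent, wrong type, or timestamp in the future
    }
    return ($now - $last) < $maxIdle ? 'active' : 'expired';
}

/** Tear the session down server-side and expire the browser cookie. */
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

/** Call at the top of every protected page, before any output. */
function require_active_session(): void
{
    session_start();
    if (idle_state($_SESSION, time()) !== 'active') {
        end_session();
        header('Location: login.php');
        exit;                        // without this the protected page still runs
    }
    $_SESSION['activity_time'] = time(); // slide the window on each request
}

// Constructed sample data, runnable from the CLI without a web server.
if (PHP_SAPI === 'cli') {
    $now = 1700000000;
    var_dump(idle_state(['activity_time' => $now - 599], $now)); // just inside
    var_dump(idle_state(['activity_time' => $now - 600], $now)); // at the limit
    var_dump(idle_state([], $now));                               // never set
}
```

The login handler still has to set `$_SESSION['activity_time'] = time();` on successful login, as in the post above.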
richo
Forum Commoner
Posts: 58
Joined: Sun Aug 06, 2006 11:56 am

Post by richo »

Cheers Everah, that's uber helpful! :D

When looking on the web I found a lot about the session.gc_maxlifetime. And then I found a timestamp method (something I had heard of in other languages) but the example looked overly complex.

Your method is clean and efficient! Many thanks. :D