I am using a session to stop people bypassing the login page. However, I would like to set the session to expire after, say, 10 minutes of inactivity by the user to add extra security.
Any pointers?
At the moment, all my session does is this (I only have one set username and password):
session_start();
if (! isset($_SESSION['seshname'])) {
    header('Location: login.php');
    exit; // stop the script so the protected page is not sent after the redirect header
}
Session - set timeout
Depending on how you manage your sessions, a quick fix might simply be to set your session.gc_maxlifetime in the php.ini file.
or do an ini_set():
Code: Select all
<?php
// default is 1440, which is 24 minutes
ini_set("session.gc_maxlifetime","1440");
?>
- RobertGonzalez
If you want a 10 minute window, do it code-side like Feyd said. When you set your session vars on login, set a session var that houses the time it is now...
Code: Select all
<?php
$_SESSION['activity_time'] = time();
?>
Then on your subsequent pages, check to see if 'activity_time' is within 10 minutes...
Code: Select all
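<?php
session_start(); // must run before $_SESSION is read

if ( isset($_SESSION['activity_time']) )
{
    if ( time() - $_SESSION['activity_time'] < 600 )
    {
        // Reset activity time here to time() because it hasn't been 10 minutes
        $_SESSION['activity_time'] = time();
    }
    else
    {
        // Idle for 10 minutes or more: send the user to the logout page
        header('Location: http://www.mysite.com/logout.php');
        exit; // stop so the rest of the page is not executed
    }
}
else
{
    // No activity time recorded, so the user never logged in
    header('Location: http://www.mysite.com/logout.php');
    exit;
}
?>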
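The server-side idle check from the answer above, gathered into one include file with full session teardown on expiry. This is an added example, not code from the thread; the function names, `IDLE_LIMIT` and the relative `login.php` target (taken from the question) are assumptions.

```php
<?php
// Added example (not from the thread). Include this file at the top of every
// protected page and call require_active_session() before any output.
const IDLE_LIMIT = 600; // 10 minutes of inactivity, as asked in the question

// Pure check so it can be exercised without a live session: returns true and
// refreshes the timestamp while the session is still within the idle window.
function idle_check(array &$session, int $now, int $limit = IDLE_LIMIT): bool
{
    if (!isset($session['seshname'], $session['activity_time'])) {
        return false;                     // never logged in, or no timestamp recorded
    }
    if ($now - (int) $session['activity_time'] >= $limit) {
        return false;                     // idle for too long
    }
    $session['activity_time'] = $now;     // sliding window: each request resets the clock
    return true;
}

// Remove the server-side data and expire the browser's session cookie, so an
// expired session ID cannot simply be presented again.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function require_active_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!idle_check($_SESSION, time())) {
        end_session();
        header('Location: login.php');
        exit;                             // stop here so the protected page never renders
    }
}
```

At login, call `session_regenerate_id(true)` and set `$_SESSION['activity_time'] = time()` alongside `'seshname'`. `session.gc_maxlifetime` only controls when stale session data becomes eligible for garbage collection, so keep it at least as long as the idle limit rather than relying on it as the timeout.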