Session Timeout
Moderator: General Moderators
Session Timeout
How do I set a session timeout in PHP? Some people suggested changing the 'session.gc_maxlifetime' variable in the 'php.ini' file. The value of that variable in my php.ini file is 1440, which is 24 minutes but the sessions on my website don't time out for days unless i log off.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
this is how i have it set up - as soon as the user logs in, the following lines of code are run. Then on every page that uses this session, I have the session_start() line at the top.
I agree with you - I would also prefer not to mess with the php.ini file settings and the garbage collection mechanism. Thanks...
Code: Select all
<?php
$session['id']=session_id();
$_SESSION['username']=$_POST['username'];
$_SESSION['first_name']=$rec['first_name']
?>- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- aaronhall
- DevNet Resident
- Posts: 1040
- Joined: Tue Aug 13, 2002 5:10 pm
- Location: Back in Phoenix, missing the microbrews
- Contact:
Very simple solution, as feyd already pointed out: as soon as the user is authenticated and "logs in", store the timestamp (accessible via time) as a session variable (this represents the time the user logged in). On every page, calculate how long the user has been logged in, and if this is longer than xxx seconds, kill the session and forward to the login page.
I don't if I'm doing this right - I have the following lines of code that are run when a user logs in successfully:
Then, on each page, I check
If this condition is true, it should log out and redirect to the login page, otherwise the user can continue to remain on the page. But it doesn't seem to work...
Code: Select all
<?php
$_SESSION['username']=$_POST['username'];
$_SESSION['first_name']=$rec['first_name'];
$_SESSION['time']=time();
$_SESSION['timeout']=time()+300;
?>Code: Select all
if ($_SESSION['time']==$_SESSION['timeout'])- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Code: Select all
<?php
session_start();
$session_gap = 600; // Ten minutes
if (time() - $_SESSION['time'] > $session_gap)
{
// it has been more than 10 minutes, kick them out
}
else
{
// It has not been more than 10 minutes, update their session time
$_SESSION['time'] = time();
}
?>