0

I have a single form for login for both admin and general users. I would like to time the sessions out after 30 minutes how would I amend my current code to do that?

<?php
    session_start(); //Start the session
    define(ADMIN,$_SESSION['username']); //Get the user name from the previously registered super global variable

    if(!session_is_registered("admin")){ //If session not registered
        header("location:../index.php"); // Redirect to login.php page
    }
?>
Matt Clark
  • 27,671
  • 19
  • 68
  • 123
pixelJockey
  • 321
  • 1
  • 5
  • 18
  • 1
    Duplicate of http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – dtbarne Dec 06 '12 at 03:40

3 Answers3

3

Here is the code to clear the session for a specified time.

To clear the inactive session, you have to renew the session timeout every page. Hope it helps.

For reference, http://bytes.com/topic/php/insights/889606-setting-timeout-php-sessions

session_start();
$timeout = 60; // Number of seconds until it times out.

// Check if the timeout field exists.
if(isset($_SESSION['timeout'])) {
    // See if the number of seconds since the last
    // visit is larger than the timeout period.
    $duration = time() - (int)$_SESSION['timeout'];
    if($duration > $timeout) {
        // Destroy the session and restart it.
        session_destroy();
        session_start();
    }
}

// Update the timout field with the current time.
$_SESSION['timeout'] = time();
Roger Ng
  • 771
  • 11
  • 28
1

Via the runtime configuration item session.cookie_lifetime or function session_set_cookie_params()

Scuzzy
  • 12,186
  • 1
  • 46
  • 46
  • 1
    That is only the lifetime of the client cookie. `session.gc_maxlifetime` sets the lifetime server-side. – Michael Dec 06 '12 at 03:30
  • Good suggestion, I've done all mine in SQL so I've got total control over my sessions :3 – Scuzzy Dec 06 '12 at 03:59
0
if ($_SESSION['timeout'] + 30 * 60 < time()) {
     // 30 min timeout
  }
Hüseyin Demirtaş
  • 56
  • 2