session_destroy() after certain amount of time in PHP

Question

I am currently saving a session in my form page:

$testingvalue = "SESSION TEST";

$_SESSION['testing'] = $testingvalue;

On another page I am calling the session to use the value:

<?php
session_start(); // make sure there is a session

echo $_SESSION['testing']; //prints SESSION TEST???
?>

Now I want to use the

session_destroy();

to destroy the session. But what I would like to do is destroy the session after 2 hours have been passed.

Any idea on how to do it and also where should I put it?

I have something like this:

 <?php
session_start();

// 2 hours in seconds
$inactive = 7200; 

$session_life = time() - $_session['testing'];

if($session_life > $inactive)
{  
 session_destroy(); 
}

$_session['testing']=time();
    
    echo $_SESSION['testing']; //prints NOTHING?
    ?>

Will that work?

If I am inactive for more than 2 hours this should be blank?:

echo $_SESSION['testing'];

sessions have something called `timeout`. Use destroy after a logout - or when yu want to destroy the session manually, in other words - when you want to destroy it before the time of its life has passed. — ducin, Jun 18 '13 at 21:29
use session_set_cookie_params ( int $lifetime); for your example the lifetime would be 7200 seconds — Orangepill, Jun 18 '13 at 21:33
What I am looking to do is if the user comes back to the page after 2 hours the session won't keep anything. — Si8, Jun 18 '13 at 21:33
@MikeW Thank you for pointing it out but it's only for example purpose only. — Si8, Jun 18 '13 at 21:35
@SiKniB maybe, but the comment `//prints NOTHING?` suggests you didn't know why it printed nothing. Now you do. — , Jun 18 '13 at 21:38
[How do I expire a PHP session after 30 minutes?](https://stackoverflow.com/q/520237/6521116) — LF00, Jul 08 '17 at 05:28

score 6 · Accepted Answer · answered Jun 18 '13 at 21:39

6

Something like this should work

<?php
// 2 hours in seconds
$inactive = 7200; 
ini_set('session.gc_maxlifetime', $inactive); // set the session max lifetime to 2 hours

session_start();

if (isset($_SESSION['testing']) && (time() - $_SESSION['testing'] > $inactive)) {
    // last request was more than 2 hours ago
    session_unset();     // unset $_SESSION variable for this page
    session_destroy();   // destroy session data
}
$_SESSION['testing'] = time(); // Update session

answered Jun 18 '13 at 21:39

wardpeet

211
1
2
10

I added the code and will test and if it works will accept your answer. Thanks – Si8 Jun 18 '13 at 21:53
Could I include this for example in the __construct function of a Login.php class? or do I put this on every page where session is mandatory? – Rafael Jul 31 '15 at 12:32
Why is ini_set required above? – Toniq Jan 22 '23 at 16:54

amigura · Answer 2 · 2013-06-18T22:09:35.577

you need a static start time to expire. $session_life > $inactive will always be greater no matter what.

session_start();

$testingvalue = "SESSION TEST";
$_SESSION['testing'] = $testingvalue;

// 2 hours in seconds
$inactive = 7200;


$_SESSION['expire'] = time() + $inactive; // static expire


if(time() > $_SESSION['expire'])
{  
$_SESSION['testing'] = '';
 session_unset();
 session_destroy(); 
$_SESSION['testing'] = '2 hours expired'; // test message
}

echo $_SESSION['testing'];

or session-set-cookie-params

session_destroy() after certain amount of time in PHP

2 Answers2

Linked