Session auto expiry if user in idle

Question

I need to destroy the session if the user is idle up to 10 minutes also how to find the time of last activity of the user ,

if ($_SESSION['last_activity'] > 600)
{
 session_unset();   
 session_destroy();
}

is this correct way..

You don't need to call `session_destroy()`. If you call `session_destroy()` then you need to call `session_start()` again. Also, beware that if you keep **anything** else in session, that will be lost as well with `session_unset()` — Styphon, Jan 31 '14 at 09:42
Possible duplicate of http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes?lq=1 — Michael Pasqualone, Jan 31 '14 at 09:47
Possible Duplicate http://stackoverflow.com/questions/9049890/php-destroy-session-if-not-any-action-in-10-minutes — Pwner, Jan 31 '14 at 09:48

score 2 · Accepted Answer · answered Jan 31 '14 at 09:50

2

Use session.gc_maxlifetime

Set session.gc_maxlifetime = 600 in phi.ini

or

ini_set('session.gc_maxlifetime',600); // in your script

answered Jan 31 '14 at 09:50

user1844933

3,296
2
25
42

score 0 · Answer 2 · answered Jan 31 '14 at 09:47

//on pageload
session_start();

$idletime=60;//after 60 seconds the user gets logged out

if (time()-$_SESSION['timestamp']>$idletime){
    session_destroy();
    session_unset();
}else{
    $_SESSION['timestamp']=time();
}

//on session creation
$_SESSION['timestamp']=time();

score 0 · Answer 3 · answered Jan 31 '14 at 09:47

0

Check for activity before resetting the time:

if (isset($_SESSION['last_activity']) && $_SESSION['last_activity'] > 600){
    session_unset();   
    session_destroy();
}else{
    $_SESSION['last_activity'] = time();
}

answered Jan 31 '14 at 09:47

Cerbrus

70,800
18
132
147

Session auto expiry if user in idle

3 Answers3