2

Is there any way to set time limitation for session? It means that my application should log out after 1 hour through server settings not like coding level as below.

<?php
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 7200)) {
    // last request was more than 120 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}

$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>
Anto S
  • 2,448
  • 6
  • 32
  • 50
  • 1
    possible duplicate of [How do I expire a PHP session after 30 minutes?](http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) – elixenide Jan 05 '15 at 07:47

5 Answers5

4

first, store the last time the user made a request

<?php
 session_start();
 $_SESSION['LAST_ACTIVITY'] = time();
?>

in subsequent request, check how long ago they made their previous request (30 minutes in this example)

<?php
  if (isset($_SESSION['LAST_ACTIVITY']){

  if ($_SESSION['LAST_ACTIVITY'] + 30 * 60 < time()) {

     // session timed out
     session_unset();     // unset $_SESSION variable for the run-time 
     session_destroy();   // destroy session data in storage
  } else {

    // session ok
 }
}
?>
sandipon
  • 986
  • 1
  • 6
  • 19
3

$timeout = 60*60;//1 hour session_start(); if (!isset($_SESSION['sessionTime'])) { $_SESSION['sessionTime'] = time() + $timeout;//first login, set timeout } else { if ($_SESSION['sessionTime'] < time()) {//over timeout, destroy session session_unset(); session_destroy(); } else { $_SESSION['sessionTime'] = time() + $timeout;//login in timeout, reset timeout } }

Ateoa
  • 116
  • 3
1
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

/*
You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
*/

if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
// session started more than 30 minutes ago
session_regenerate_id(true); // change session ID for the current session an invalidate old session ID
$_SESSION['CREATED'] = time(); // update creation time
}

//note that session.gc_maxlifetime should be at least equal to the life time of this custom expiration handler (1800 in this example).

description here

Akash kumar
  • 981
  • 3
  • 14
  • 27
1

Cause the question was "not on coding level" => You could achieve this via php.ini and/or .htaccess by setting session.gc_maxlifetime and/or session.cookie_lifetime.

But coding-level is mor reliable and way mor fault-tolerant.

See the best answer of this Question for explanation.

Community
  • 1
  • 1
Sebastian Bork
  • 536
  • 4
  • 8
1

For Detailed Explanation please go through this link : http://php.net/manual/en/function.session-set-cookie-params.php#96868

we can give via session parameters by giving the following command in php

<?php
       // Here we start as usual
       session_set_cookie_params('3600'); // 1 hour
       session_start();
?>

Hope it helps thank you

Farveen Hassan
  • 408
  • 4
  • 12