1

I have read numerous posts about destroying a PHP session after a set amount of time, but many of the answers don't clarify whether the solution works for inactivity or for a set period of time. Let me expound.

I am using php to generate and grade a quiz. Each question is dynamically generated and the user must hit the submit button to move on to the next question, thereby generating a request to the php script.

I want the user to only have 15 total minutes to complete it. In other words, if it takes the user 6 minutes to do the first 3 problems, then the user has 9 minutes left to do the other 3 problems.

If you set your inactive time to 15 minutes, then presumably the user has 15 minutes in-between requests to the webpage, correct? This is the solution that this answer provides I believe.

However, that is not what I need. I need for the session to terminate after 15 total minutes from the start, regardless of whenever the last request was made by the user.

Thank you

Community
  • 1
  • 1
Spencer
  • 131
  • 9
  • 3
    I believe you're better off using session + cookies to validate the timer. Also, if you want to kill the session with a request, I would create a session and save that session key or ID in a database then validate it on each request and once 15 minutes elapses. In result, the moment a user submits a request the session will be checked for time elapsed and either accept the response or reject with a message that time has expired. – dchayka Nov 16 '15 at 00:38
  • 2
    See http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – Ultimater Nov 16 '15 at 00:50

1 Answers1

1

I read more into the link that I posted, which was a Stack Overflow post, and found an answer that had several up votes but was not selected as the best, written by @Rafee - however, it accomplished what I wanted it to do. Here is that code:

Login.php

<?php
  session_start();
?>

<html>
    <form name="form1" method="post">
        <table>
            <tr>
                <td>Username</td>
                <td><input type="text" name="text1"></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="password" name="pwd"></td>
            </tr>
            <tr>
                <td><input type="submit" value="SignIn" name="submit1"></td>
            </tr>
        </table>
    </form>
</html>

<?php
    if ($_POST['submit1']) {
        $v1 = "FirstUser";
        $v2 = "MyPassword";
        $v3 = $_POST['text'];
        $v4 = $_POST['pwd'];
        if ($v1 == $v3 && $v2 == $v4) {
            $_SESSION['luser'] = $v1;
            $_SESSION['start'] = time(); // Taking now logged in time.
            // Ending a session in 30 minutes from the starting time.
            $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
            header('Location: http://localhost/somefolder/homepage.php');
        } else {
            echo "Please enter the username or password again!";
        }
    }
?>

Homepage.php:

    <?php
    session_start();

    if (!isset($_SESSION['luser'])) {
        echo "Please Login again";
        echo "<a href='http://localhost/somefolder/login.php'>Click Here to Login</a>";
    }
    else {
        $now = time(); // Checking the time now when home page starts.

        if ($now > $_SESSION['expire']) {
            session_destroy();
            echo "Your session has expired! <a href='http://localhost/somefolder/login.php'>Login here</a>";
        }
        else { //Starting this else one [else1]
?>

I was not fully aware of how session_start worked but I realize now that it must be included in the php files that will use the session variables.

Spencer
  • 131
  • 9