Php Session Timeout Secure

Question

I was wondering how to make php session timeout? i have this so far, Or make it so people can use cookie and login..

<?php
include('config.php');
session_start();
$user_check=$_SESSION['login_user'];

$ses_sql=mysql_query("select username from admin where username='$user_check' ");

$row=mysql_fetch_array($ses_sql);

$login_session=$row['username'];

if(!isset($login_session))
{
header("Location: login.php");
}
?>

http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes Check that out, should answer your question. — Kaylined, Sep 03 '16 at 22:48

BeetleJuice · Accepted Answer · 2016-09-03T23:15:36.597

0

Your code will never time out because $login_session will be set so long as the user still exists in the DB.

Store the expiration time in the session. Abstract the code below in a file that you include on every protected page.

<?php
if(session_status()===PHP_SESSION_NONE) session_start();

//if user supplied login creds:
if(isset($_POST['username']) && isset($_POST['password'])){
    //attempt to login,
    //...

    // if login worked save username and expiration time
    if(...){
        $_SESSION['user'] = $row['username'];
        $_SESSION['exp'] = time() + 600; //expires in 10 minutes
    }
}
//now check access
if(empty($_SESSION['user'])){
    //user is not logged in. show error and exit
}elseif(empty($_SESSION['exp']) || $_SESSION['exp'] < time()){
    //session has expired. show error and exit
}

//session is still valid. Extend expiration:
$_SESSION['exp'] = time() + 600; //expires in 10 minutes

//show protected content

edited Sep 03 '16 at 23:15

answered Sep 03 '16 at 23:07

BeetleJuice

39,516
19
105
165

i used that code but i get this error [04-Sep-2016 15:40:52 Europe/London] PHP Parse error: syntax error, unexpected '...' (T_ELLIPSIS) in /home/public_html/welcome.php on line 12 – bob marley Sep 04 '16 at 14:41
@dazholmes That's because I used `if(...)`. It's not real code. It is meant to say `if login was successful`. Replace it with the appropriate code for your application. – BeetleJuice Sep 04 '16 at 15:06
ok so how would i get that to work? i put it into the page i want protected but like i said i get that error... the only thing i include on protected pages is include('lock.php'); and the inside of lock.php is above in the post i made – bob marley Sep 04 '16 at 16:36

Php Session Timeout Secure

1 Answers1