Check time left before php session expires

Question

I need to build a php session expiry alert / stay logged in prompt for my website. I have looked at dozens of examples but am confused so back to basics.

Is there a way to display a countdown for the default expiry time?

UPDATE 1

So far - to get a handle on the situation - I have:

echo '<p>This is the $_SESSION[\'expiretime\']: ' . $_SESSION['expiretime'] . '</p>';           
echo '<p>This is the time(): ' . time() . '</p>';           
$timeleft =  time() - $_SESSION['expiretime'];          
echo '<p>This is the time() MINUS the $_SESSION[\'expiretime\'] : ' . $timeleft . '</p>';

I'm not certain what the parameter $_SESSION['expiretime'] is but I found it in a thread and it looked interesting. Other than the number of seconds since 1970 I'm not sure what all of this tells me but may be useful for subsequent calcs.

Write the time it expires to the DOM then use JS math to subtract the time and display amount left. — user3783243, Aug 15 '18 at 12:16
What have you tried so far? If you NEED TO build one for your own website btw, you are very hard on yourself then. You probably WANT TO build one ;) — Dorvalla, Aug 15 '18 at 12:16
@user3783243 - I understand the concept that I can specify a custom time the session expires. But I also understand that there is a 'default' expiry time set by the server I think. I think I need to know what the default is in order to set my custom time so it is less than default and therefore my alert will show before the user is logged out. Is that correct? — Pete D, Aug 15 '18 at 13:40
`$_SESSION`s are something you set, they do not have a default PHP value. — user3783243, Aug 15 '18 at 13:44
@Pete D - you are right that there often are default session timeouts set. You have to control both the _upper_ and _lower_ bounds - https://stackoverflow.com/q/8311320/296555. — waterloomatt, Aug 15 '18 at 16:55

marcramser · Accepted Answer · 2018-08-15T16:20:59.113

2

You have to do something like

//Start our session.
session_start();

//Expire the session if user is inactive for 30
//minutes or more.
$expireAfter = 30;

//Check to see if our "last action" session
//variable has been set.
if(isset($_SESSION['last_action'])){

  //Figure out how many seconds have passed
  //since the user was last active.
  $secondsInactive = time() - $_SESSION['last_action'];

  //Convert our minutes into seconds.
  $expireAfterSeconds = $expireAfter * 60;     
  //Check to see if they have been inactive for too long.
  if($secondsInactive >= $expireAfterSeconds){
    //User has been inactive for too long.
    //Kill their session.
    session_unset();
    session_destroy();
  } else {
    echo("Expire in:");
    echo($expireAfterSeconds - $secondsInactive); 
  } 
}
$_SESSION['last_action'] = time();

edited Aug 15 '18 at 16:20

answered Aug 15 '18 at 14:33

marcramser

579
1
10
23

Super minor, but you're missing a `;` after `echo("Expire in:")`. – waterloomatt Aug 15 '18 at 15:56
@marcramser This script displays how many seconds before my coded inactivity limit is reached ($expireAfter). But if my web server has a limit which is lower won't the session expire before $secondsInactive >= $expireAfterSeconds? – Pete D Aug 15 '18 at 21:41
I am not 100% sure if this helps but you can try '$expireAfter = ini_get("session.gc_maxlifetime");' – marcramser Aug 16 '18 at 05:17

Check time left before php session expires

UPDATE 1

1 Answers1