I'd like to kill a session after a user has been inactive for 20 minutes. in PHP

Question

Possible Duplicate:
How do I expire a PHP session after 30 minutes?

I'd like to kill a session after a user has been inactive for 20 minutes.

http://www.php.net/manual/en/session.configuration.php – usoban Mar 26 '11 at 08:27 — usoban, Mar 26 '11 at 08:27

score 3 · Answer 1 · edited Mar 26 '11 at 08:34

3

Build this into your code wherever appropriate:

session_start();

// 20 mins in seconds $inactive = 1200;
$session_life = time() - $_session['timeout']; if($session_life > $inactive) {
session_destroy(); header("Location: logoutpage.php");
} $_session['timeout']=time();

This will check how much time has passed since the last request, if it is greater than 20 minutes it is destroyed.

edited Mar 26 '11 at 08:34

JohnP

49,507
13
108
140

answered Mar 26 '11 at 08:27

Andrew Jackman

13,781
7
35
44

This will probably redirect as soon as you login. If you add a check to makes sure the timeout variable exists before it checks for inactivity it should work better. `if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['timeout']; if($session_life > $inactive) { session_destroy(); header("location: somelocation.php"); } }` – TheNoobUser Dec 18 '18 at 14:48

score -4 · Answer 2 · answered Mar 26 '11 at 08:31

-4

PHP will kill a session automatically after 24 min of inactivity.
I doubt 4 min makes so much difference.
Just use default settings and you'll be fine, no special actions needed.

answered Mar 26 '11 at 08:31

Your Common Sense

156,878
40
214
345

11

Thats not really a fair thing to say. What if an organization has a policy for 20 minutes of inactivity until their on-line management system should log them out. Can you justify saying 24 minutes is better because it is easier to configure? – Andrew Jackman Mar 26 '11 at 08:41

I'd like to kill a session after a user has been inactive for 20 minutes. in PHP

2 Answers2