How to implement a PHP session timeout on your own


 
 

To Implement a session timeout on your own,  you can use a simple time stamp that denotes the time of the last activity and update it with every request.

You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions.

Enjoy the code!


  1. if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
  2. // last request was more than 30 minutes ago
  3. session_unset(); // unset $_SESSION variable for the run-time
  4. session_destroy(); // destroy session data in storage
  5. }
  6. $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
  7.  
  8. /*
  9. You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
  10. */
  11. if (!isset($_SESSION['CREATED'])) {
  12. $_SESSION['CREATED'] = time();
  13. } else if (time() - $_SESSION['CREATED'] > 1800) {
  14. // session started more than 30 minutes ago
  15. session_regenerate_id(true); // change session ID for the current session an invalidate old session ID
  16. $_SESSION['CREATED'] = time(); // update creation time
  17. }
  18.  
  19. //note that session.gc_maxlifetime should be at least equal to the life time of this custom expiration handler (1800 in this example).

 

 

 

original source & credits

 
 

tags: php webdev


Comments area, use one of your social accounts to log-in and post a comment.



Responses to the post

search post

Recent from the blog

Install Syncthing on Ubuntu 16.04 using Debian Repository

Install Syncthing on Ubuntu 16.04 using Debian Repository

Syncthing is a free continuous file synchronization tool that lets…

SQLMAP installation and usage in Ubuntu and Kali linux

SQLMAP installation and usage in Ubuntu and Kali linux

Let's talk about the penetration testing using one of the…

Google Chrome will block Flash content starting next month, make HTML 5 default by December

Google Chrome will block Flash content starting next month, make HTML 5 default by December

There really is no stopping Flash's demise. In a blog post…

How to Enjoy Summer in the Office - by Wrike project management software

How to Enjoy Summer in the Office - by Wrike project management software

Infographic brought to you by Wrike best agile project management…

CSS Flexbox Toolbox: some tools

CSS Flexbox Toolbox: some tools

The CSS3 Flexible Box, or flexbox, is a layout mode providing for the arrangement…

CSS-Only Olympic Rings

CSS-Only Olympic Rings

Inspired by Justin Sepulveda’s CSS Logos and this post on the new Design Informer…

Happy 25th birthday WWW !!!

Happy 25th birthday WWW !!!

On this day 25 years ago, August 6, 1991, the…

8 Social Tools to interact with Customers and improve CX

8 Social Tools to interact with Customers and improve CX

Customer experience is measured by the individual’s experience during all…

NEWSLETTER

Ma-No's Projects

SOCIAL

We use our own cookies and third-party cookies to improve our services, show products based on your preferences, analyse the browsing habits of our users, and enable interaction with social networks. Continuing to browse our sites implies full acceptance of their use. You can change your cookie setting or get more information here: Cookies policy .