How to Implement a Php Session Timeout On Your Own

by admin Date: 05-12-2013 php webdev


To Implement a session timeout on your own,  you can use a simple time stamp that denotes the time of the last activity and update it with every request.

You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions.

Enjoy the code!



    

  1. 
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    2. 

  2. 
// last request was more than 30 minutes ago
    3. 

  3. 
session_unset(); // unset $_SESSION variable for the run-time 
    4. 

  4. 
session_destroy(); // destroy session data in storage
    5. 

  5. 
}
    6. 

  6. 
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
    7. 

  7. 
 
    8. 

  8. 
/*
    9. 

  9. 
You can also use an additional time stamp to regenerate the session ID periodically to avoid attacks on sessions like session fixation:
    10. 

  10. 
*/
    11. 

  11. 
if (!isset($_SESSION['CREATED'])) {
    12. 

  12. 
$_SESSION['CREATED'] = time();
    13. 

  13. 
} else if (time() - $_SESSION['CREATED'] > 1800) {
    14. 

  14. 
// session started more than 30 minutes ago
    15. 

  15. 
session_regenerate_id(true); // change session ID for the current session an invalidate old session ID
    16. 

  16. 
$_SESSION['CREATED'] = time(); // update creation time
    17. 

  17. 
}
    18. 

  18. 
 
    19. 

  19. 
//note that session.gc_maxlifetime should be at least equal to the life time of this custom expiration handler (1800 in this example).
    20. 




 



 



 



original source & credits
 
 








 by admin


 Date: 05-12-2013


php webdev 
hits :
6468   








 














 


 




 










Related Posts