SESSION Help

The code below shows a session that is created when people log into my site. The problem I am having is that after 30mins on the site they get booted off. What I want is for them to get booted off only if they are idle for 30mins. Anyone know why my code is not archiving this?

From Login.php

// Set the session data & redirect.
session_name ('YourVisitID');
session_set_cookie_params(1800);
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['username'] = $row[1];
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
header("location:$headerURL");
exit(); // Quit the script.


at the top of every member page:

session_name ('YourVisitID');
session_set_cookie_params(1800);
session_start(); // Start the session.

// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {
header("Location: $SiteURL");
exit(); // Quit the script.
}

Hi there,

The PHP manual for session_start says "session_start() creates a session or resumes the current one". Perhaps, therefore, the code at the top of each page is merely resuming the time-limited session that was created in Login.php and your call to session_set_cookie_params is merely adjusting the time on the already started session (if you see what I mean!).

Or perhaps I'm wrong! I've never used time-limited session cookies to control short-timespan sessions like that -- I tend to use some kind of timer class of my own.

I suggest adding a session variable like this and checking if it's past.

SET SESSION VARIABLE

$_SESSION['timeout'] = time()+30*60;


CHECK IF TIMEOUTED

if (time() > $_SESSION['timeout'])
{
// SESSION TIMED OUT
}


Rrenew the variable if they go to a new page.