View Full Version : to add session expiry time...

03-09-2010, 12:09 PM
when ever a user login, his information(name,password..etc) will be stored in sessions and also stored in users table.
the table has following fields
1.userid 2.password

i would like to add session expiry time
what i want to do is if a user login and does not do any thing for next 15 minutes i want to redirect the user to login page.

how i can do this.any of your help will be appreciated


03-09-2010, 12:40 PM
$inactive = 600;

if(isset($_SESSION['<strong class="highlight">timeout</strong>']) )

$session_life = time() - $_SESSION['start'];

if($session_life > $inactive)

{ session_destroy(); header("Location: loginpage.php"); }


$_SESSION['<strong class="highlight">timeout</strong>'] = time();

will this code work????

03-09-2010, 04:47 PM
Its the right idea yes. I wouldn't use a key like that though, but I cannot tell if you're just trying to indicate that the 'timeout' is you're key, or if thats you're actual key. Just use 'timeout' in this case.
This is the approach I would use with standard PHP sessions. After you're location redirect though, ensure that exit() is called - if it is not the timeout will be reset to the current time which could cause some issues. Without an exit, the user will be redirected but the remaining script will still execute. You can also look at forcing you're garbage collection if you're on PHP5.3, or by altering you're configuration information to force a collection 100% of the time. This I would not do for performance reasons, rather I'd leave them to clean up in their own time and just invalidate the session available.

03-11-2010, 08:15 AM
Thanks for the suggestion...
can u pls make it more clear......

03-11-2010, 04:44 PM
Pretty much the same thing, just with proper names:


$inactive = 600;
$time = time();

if(isset($_SESSION['timeout']) && $time > ($_SESSION['timeout'] + $inactive))
$_SESSION = array();
setcookie(session_name(), '');
header("Location: loginpage.php"); // Note that this *should* be an absolute http location (most browsers will not complain though)

$_SESSION['timeout'] = $time;

Something like this.