SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Evangelist
    Join Date
    Apr 2005
    Posts
    485
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    session w/ timeout after x time of inactivity

    hi all,

    i want a session to expire after a period of inactive time.

    i think the general process looks like this...

    PHP Code:

    session_cache_limiter
    ("private");
    // or set session.cache_limiter in php.ini to 'private'.

    session_cache_expire(15);

    session_start();

    // call session_cache_start(15) for every 
    // page that i want to reset the expiration clock 
    is that about it or am i missing something?

    tia...

  2. #2
    SitePoint Evangelist
    Join Date
    Apr 2005
    Posts
    485
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by skeeterbug
    hi all,

    i want a session to expire after a period of inactive time.

    i think the general process looks like this...

    PHP Code:

    session_cache_limiter
    ("private");
    // or set session.cache_limiter in php.ini to 'private'.

    session_cache_expire(15);

    session_start();

    // call session_cache_start(15) for every 
    // page that i want to reset the expiration clock 
    is that about it or am i missing something?

    tia...
    i'm missing something. i tried....

    PHP Code:

    session_cache_limiter
    ("private");
    session_cache_expire(1);
    session_start(); 
    but the session didn't expire after 1 minute.

  3. #3
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    the cache limiter doesnt control how long the session lasts.

    that controlls which type of expires header is sent with the page response, basically how long the _page_ should be cached for.

    if you want the browser to discard the cookie after x amount of time passes, you need to set an expires time for the session cookie. the default is 0, which tells the browser to hold onto the cookie until the browser is closed. you can set a value in seconds like

    PHP Code:
    ini_set('session.cookie_lifetime'900);
    session_start(); 
    keep in mind, this is just advisory to the browser. also, ive heard there can be inconsistencys with certain browsers and thier notion of the current time, so it may be best to avoid that approach and just do the validation server side.

    PHP Code:
    <?php

    session_start
    ();

    // 15min, in seconds
    $timeout 900;


    if (isset(
    $_SESSION['last_access'])) {

        
    $inactive_seconds time() - $_SESSION['last_access'];

        if (
    $inactive_seconds $timeout) {
            
    // inactive too long, kill the session variables
            
    $_SESSION = array();
        }
    }

    // update last activity
    $_SESSION['last_access'] = time();

    ?>

    note though, that all i did was destroy the session variables. i did not delete the session cookie, or the session file. you may want to take a look at session_destroy() or session_regenerate_id() and read the user comments depending on which behavior you need. but just destroying the session variables, while keeping the current session may be sufficient for you.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •