how to destroy the session if the application is exceeding more than its given idel time using php

0
votes

in my program for a security purpose it is neccessary to destroy the session variable if the application exceed more than its idle time.For This i am using this code,

// set timeout period in seconds $inactive = 300;

// check to see if $_SESSION['timeout'] is set if(isset($_SESSION['timeout']) ) { $session_life = time() - $_SESSION['start']; if($session_life

$inactive) { session_destroy(); header("Location: logout.php"); } } $_SESSION['timeout'] = time();

But this code refresh the session variable every 5 min, i want to know how to destroy the session variable if the system is in the idle time. And also please tell me it create any other problem if i destroy the session variable . Thanks in advance

2
php
Please indent code by 4 spaces, not with >. That's the {} button in the toolbar, not the " button. - deceze

2 Answers

0
votes

session_unset

@Edit:
Since the session data are considered garbage after the session timed out, no action should be needed really. It should be sufficient, to make sure, the garbage is cleared in a regular manner. So simply calling a page which creates a dummy session (once a minute fe.) should be enough. The garbage collector frequency may also be configured in php.ini.

However, you can verify this easily by monitoring your sessions (in file / database / memory).

0
votes

Try this:

  • Edit php.ini - set session.cookie_lifetime with the intended value in seconds (300 seconds for your 5 minutes).
  • Restart your apache server.
  • Login
  • Test the session variable after 5 minutes (should have expired).

Remember, from the docs:

The default "0" value means that the cookie stays alive until the browser is closed. This is also the default value, if not set in php.ini.

So, you must set it: it defaults to zero - so it will never expire unless someone closes the browser window.