How Can I Effectively Expire a PHP Session After 30 Minutes of Inactivity?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How Can I Effectively Expire a PHP Session After 30 Minutes of Inactivity?

Mary-Kate Olsen

Dec 23, 2024 am 11:23 AM

How Can I Effectively Expire a PHP Session After 30 Minutes of Inactivity?

Expiring a PHP Session after 30 Minutes

To maintain a session for a specific amount of time and terminate it afterward, implementing a custom session timeout is recommended. This approach is more reliable than relying on session settings such as session.gc_maxlifetime or session.cookie_lifetime.

1. session.gc_maxlifetime:

session.gc_maxlifetime determines the amount of time after which session data is deemed 'garbage' and removed. However, garbage collection occurs sporadically, making it an unreliable method for session expiration.

2. session.cookie_lifetime:

session.cookie_lifetime only influences the lifespan of the cookie sent to the browser, not the session itself. The server is responsible for invalidating sessions, not the client.

Recommended Solution:

Implement a custom session timeout by maintaining a time stamp that tracks the last activity time. Update this time stamp with every request.

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

This method effectively expires session data after 30 minutes of activity and prevents premature removal by the garbage collector.

For enhanced security, consider periodically regenerating the session ID to prevent session fixation attacks.

if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
    // session started more than 30 minutes ago
    session_regenerate_id(true);    // change session ID for the current session and invalidate old session ID
    $_SESSION['CREATED'] = time();  // update creation time
}

Notes:

Set session.gc_maxlifetime to be at least as long as the custom expiration handler.
For expiring sessions based on activity rather than session start, set the cookie expiration time using setcookie to 30 minutes.

The above is the detailed content of How Can I Effectively Expire a PHP Session After 30 Minutes of Inactivity?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PM

Laravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-

cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AM

The PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.

Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PM

Laravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>

12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PM

Do you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom

Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PM

Article discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo

PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PM

PHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot

Discover File Downloads in Laravel with Storage::downloadMar 06, 2025 am 02:22 AM

The Storage::download method of the Laravel framework provides a concise API for safely handling file downloads while managing abstractions of file storage. Here is an example of using Storage::download() in the example controller:

Global View Data Management in LaravelMar 06, 2025 am 02:42 AM

Laravel's View::share method offers a streamlined approach to making data accessible across all your application's views. This is particularly useful for managing global settings, user preferences, or recurring UI components. In Laravel development,

See all articles