After a certain time period, it's reasonable to expect that a
user's session should automatically log out, which is essentially an expiration
period. PHP allows you to specifically set this duration. The best way to do
this is to modify the .htaccess file.
The .htaccess file affects the
HTML and PHP files in the same directory as the file. It allows you to make
configuration changes without modifying Apache's configuration files. Any
changes made in the .htaccess file also apply to
files in subdirectories unless another .htaccess
file is in a subdirectory.
session.gc_maxlifetime variable.
Session time
<IfModule mod_php4.c>
php_value session.gc_maxlifetime "14400"
</IfModule
The value that comes after sessions.gc_maxlifetime is
in 100ths of a second, so, if you want a session timeout of 30 minutes, you
would use a value of 18000.