PHP Session expire-minutes inactivity

PHP Session expire-minutes inactivity

//should expire after 15  minutes inactivity

asy way to handle this, is to set a variable to $_SESSION
 every time the user visits the page after a successful login.
You can check that variable every time the page loads, and then
 you will know the last time they requested a page from the site,
 and can compare it to the current time to determine what to do from there.

session.gc_maxlifetime specifies the number of seconds after which data
 will be seen as 'garbage' and cleaned up. Garbage collection occurs
 during session start.

Furthermore, when using PHP's default session.save_handler files,
 the session data is stored in files in a path specified in session.save_path.
 With that session handler, the age of the session data is calculated on the
 file's last modification date and not the last access date.

if (isset($_SESSION['LAST_ACTIVITY']) &&
 (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time
    session_destroy();   // destroy session data in storage
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
    // session started more than 30 minutes ago
// change session ID for the current session and invalidate old session ID
    $_SESSION['CREATED'] = time();  // update creation time

Note that session.gc_maxlifetime should be at least equal to the
 lifetime of this custom expiration handler 1800 in this example.