PHP Session expire-minutes inactivity
session_cache_limiter('public');session_cache_expire(15);
//should expire after 15 minutes inactivity
asy way to handle this, is to set a variable to $_SESSION
every time the user visits the page after a successful login.
You can check that variable every time the page loads, and then
you will know the last time they requested a page from the site,
and can compare it to the current time to determine what to do from there.
session.gc_maxlifetime
session.gc_maxlifetime specifies the number of seconds after which data
will be seen as 'garbage' and cleaned up. Garbage collection occurs
during session start.
Furthermore, when using PHP's default session.save_handler files,
the session data is stored in files in a path specified in session.save_path.
With that session handler, the age of the session data is calculated on the
file's last modification date and not the last access date.
if (isset($_SESSION['LAST_ACTIVITY']) &&
(time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
OR
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
// session started more than 30 minutes ago
session_regenerate_id(true);
// change session ID for the current session and invalidate old session ID
$_SESSION['CREATED'] = time(); // update creation time
}
Note that session.gc_maxlifetime should be at least equal to the
lifetime of this custom expiration handler 1800 in this example.