Session timeout for login page

Question

Suppose I have one login form in php and I set session on user_id and user_name. Now, as per my php knowledge the default session timeout is 24mins, and suppose I'm using this application for whole day. Then obviously after each 24 mins my application will be logged out and I require to login again BUT still I'm able to use it continuously. HOW?

Dear friends don't laugh, I'm new in this.

http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes — Sajitha Rathnayake, Oct 01 '15 at 07:47

score 1 · Accepted Answer · answered Oct 01 '15 at 07:46

1

The default session timeout is indeed 24 minutes. This means however that an user is going to lose his session when the user doesn't interact with the application for 24 minutes (inactivity). You can change the session timeout in php.ini, search for: session.gc_maxlifetime = 1440 (1440 seconds = 24 minutes), or directly in the php code ini_set('session.gc_maxlifetime', 1440);

answered Oct 01 '15 at 07:46

Daan

12,099
6
34
51

it means if I logged in and then I went to take a bath for 50 mins and come to see my application then I require login again, right? – Vilas Oct 01 '15 at 07:54

score 1 · Answer 2 · answered Oct 01 '15 at 07:47

Try this

// 24 minutes in seconds
$time= 2880;
ini_set('session.gc_maxlifetime', $time); // set the session max lifetime to 24 minutes

session_start();

if (isset($_SESSION['my_session']) && (time() - $_SESSION['my_session'] > $time))
{
    // last request was more than 24 minutes ago
    session_unset();     // unset $_SESSION variable for this page
    session_destroy();   // destroy session data
}
$_SESSION['my_session'] = time(); // Update session

Session timeout for login page

2 Answers2