To create a session with session_start() in PHP while setting the SameSite attribute and implementing a time limit for session validity, you can use the following code as a starting point:
<?php
// Start the session
session_start();
// Set the SameSite attribute to 'Lax' or 'Strict' (choose one)
$cookieOptions = [
'samesite' => 'Lax', // or 'Strict'
];
// Set the session cookie options
session_set_cookie_params([
'lifetime' => 900, // 15 minutes (15 minutes * 60 seconds)
'path' => '/',
'domain' => 'yourdomain.com', // Replace with your domain
'secure' => true, // Use true if your site is served over HTTPS
'httponly' => true,
'samesite' => $cookieOptions['samesite'],
]);
// Reset the session expiration time on every page load
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 900)) {
// 15 minutes of inactivity, destroy the session
session_unset();
session_destroy();
} else {
$_SESSION['LAST_ACTIVITY'] = time();
}
// Your code here...
?>