session_destroy() automatically?

[daydreamer]

Hi.

 

On a member site I am making how would I automatically destroy a session after 20 minutes of no use?

 

At the moment I don't think the session gets destroyed if the user does not log out.

 

Thanks

[trq]

20 minutes is normally the default. It should happen automatically.

[dezkit]

php.ini

[PFMaBiSmAd]

A session is just a container. Don't rely on the destruction of a session to log someone out. Store the last access time for each visitor in your user table and on each page request test if the last access time is farther in the past than a limit you set and take appropriate action if it is, such as setting the value that says they are logged out.

 

Session garbage collection is not intended to end sessions or log someone out. It runs based on probability and unless you change the settings to cause it to run on each session_start, you cannot guarantee when old session data files will be deleted.

[daydreamer]

Ok,

 

I was doing this on each page

if ($_SESSION['in'] == true) { //user logged in }

 

and then to log out

session_unset();
session_destroy();

 

are you saying to logout I should be doing this (also if the users been inactive for a while)

$_SESSION['in']=false;

[revraz]

No, you should do

 

session_start();

session_destroy();

[daydreamer]

yeh i do as without session_start(); it wouldn't work. I thought that was assumed, cheers tho.