Session Destroy Timer

[Tazerenix]

I'm working on my own file hosting system right now with the help of my friend. I've coded in a user registration/login function already and im using session_start() and $_SESSION variables.

I've looked up several ways of automatically deleting the session after a certain time but i don't really understand them to well.

I've also tried putting a code at the top of each page like:

<?php
$_SESSION['last_active'] = time();
$sessiontime = 900;
if ($_SESSION['last_active'] >= $sessiontime)
{
session_destroy();
header('Location: login.php?error=1');
}
?>

But with a few more lines and other stuff.

I've seen people suggest using code like this for auto logout but the problem with this is that it won't continuously check this all the time.

I'd like to know if someone could give some detailed example code of how to destroy the session cookie and redirect to the login page again after a certain amount of time. But it also has to have the time until deletion reset on every page load. I'm really not too sure how to do this so as much explanation and help as possible would be greatly appreciated.

And will this also work if the user still closes the window? So if the user starts a Logged in Session then closes the window and comes back 930 seconds later instead of 900 will the cookie still have been deleted?

 

Thanks for your answers if you give any 

 

ps: Yay, first post, just joined here

[MadTechie]

That code doesn't make much sense, you need to set the session after checking it, not before or it will never expire

 

try

<?php
$expiretime = 900;
if ($_SESSION['last_active']+$expiretime >=  time()){
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
	$params = session_get_cookie_params();
	setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
header('Location: login.php?error=1');
}else{
$_SESSION['last_active'] = time();
}
?>