Jump to content


This topic is now archived and is closed to further replies.


Session Time Out code behaving Badly?

Recommended Posts

I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired.  I include this code at the top of every page in the website, that requires user authentication.


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp



The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php)


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

//Set the page title before the header file
$title = 'Session Expired';

require ('header.php'); //need the header


	      <div id="content" class="">

			<div id="left_content" class="">

			</div> <!--closes left content-->

			<div id="right_content" class="">

				<div id= "right_content_inner_border">

					<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>

					<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>

				</div> <!--closes right content inner border-->

			</div> <!--closes right content-->

		</div> <!--closes content-->


require ('footer.php'); //need the footer





Now here lies the problem.  When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly.  The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php).    However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php).  What could be going wrong here?  Any hint is appreciated. 

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.