Jump to content

Session Time Out code behaving Badly?


Recommended Posts

I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired.  I include this code at the top of every page in the website, that requires user authentication.


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp



The session_expired.php page which I will include below, has a login link, which takes the user to a login page (access_denied.php)


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

//Set the page title before the header file
$title = 'Session Expired';

require ('header.php'); //need the header


	      <div id="content" class="">

			<div id="left_content" class="">

			</div> <!--closes left content-->

			<div id="right_content" class="">

				<div id= "right_content_inner_border">

					<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>

					<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>

				</div> <!--closes right content inner border-->

			</div> <!--closes right content-->

		</div> <!--closes content-->


require ('footer.php'); //need the footer





Now here lies the problem.  When i set the session timeout to say 60 seconds to test the code, everything seems to work perfectly.  The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page(access_denied.php).    However, when I replace the time with 1800 seconds, the page notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page(access_denied.php).  What could be going wrong here?  Any hint is appreciated. 

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.