How Does One Make a Session Persist?

[drayarms]

I'm creating a site where members have to log in in order to access the site's pages. I'm using sessions to log the members in. Each member has a unique session id that grants him access to the site. At the top of each of the sit'es pages, I authenticate the user using the following code.

<?php
//Start session
session_start();

//Check whether the session variable id is present or not
if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
	header("location: access_denied.php");
	exit();
}
?>

 

So this bit of code basically redirects the user to an access denied page, if the user isn't authenticated otherwise, the user can access the page.  Right below that bit of code, I have this code that ends the session after 15 minutes of inactivity.

<?php


//address error handling

ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

//Get the current page url to pass on to the session expired page.
$url=urlencode("http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);


if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 900)) {
    // last request was more than 15 minates ago
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    header("location: session_expired.php?url=$url");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp


?>

 

What do I need to do to keep the session permanently active until either the 15 minutes is reached or I manually sign out ?  Often times the page upon refreshing, gets redirected to the access_denied.php which clearly indicates that my session id is not lingering on and gets destroyed prematurely.  What do I do??

[trq]

You don't have to do anything, and the code you have for killing a session after a certain time isn't needed either. This is all taken care of under the hood.

 

Check out the session directives within your php.ini for more details.