Time limit on session

[smc]

Hiya,

How can I make it so a session expires after, say, 2 hours? As it stands right now it seems like as long as the browser is open the session is open. I just want to add some additional security.

Thanks!!

[Jessica]

You could record the time the session starts as a variable, and on each page check if it's been two hours?

[pocobueno1388]

Here is what did:

[code]
<?php

//No session set (first time user visited)
if(empty($_SESSION['last_active'])){
//Set the Session
$_SESSION['last_active'] = time();
}

//Session set, but user not active for more than thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] < time()-7200){

print "You must be logged in to view this page. <a href='index.php'>Login here.</a>";

//Destroy the session
$_SESSION['last_active'] = '';
exit;
}

//Session set, and the user has been active for under thirty minutes
elseif(!empty($_SESSION['last_active']) && $_SESSION['last_active'] >= time()-1800){
//Update session with current time
$_SESSION['last_active'] = time();
}

?>
[/code]

Put this on your header.php page so it executes every time somone clicks. I changed it for you so it keeps them logged in for 2 hours.

[smc]

Awesome, would it work if I put it in a sessiontime.php and included it on the files?

[pocobueno1388]

It should ^^ Just make sure you include it at the top under your session_start() and there shouldn't be a problem.

[smc]

Edit: Nevermind, it does  ;D

[BenD]

Thanks so much pocobueno1388, I place the code under session_start() like you indicated it works like charm. Thanks again for sharing.

 

B.