PHP Session Lifetime: A work around session.gc_maxlifetime
I needed to limit my session life time in a specific site running in my remote server. But could not set session.gc_maxlifetime. Also I know that session.gc_maxlifetime is not good! It is not reliable and it's tricky to get a different session max life time for each site running in your server.
So I made my own script that would clean session and cookies after a predefined number of minutes. Then all I had to do is to include this script in the start of my index.php:
So I made my own script that would clean session and cookies after a predefined number of minutes. Then all I had to do is to include this script in the start of my index.php:
// checks if session is idle for too much time
// if it is it will erase all session vars!
// if not it will update last activity time
// returns true if session was wiped
function session_check() {
// time out in seconds
$max_idle_time = 10 * 60;
// name of session variable used to store last activity
$sname = '_session_last_activity';
$cleaned = false;
// start session if it wasn't yet
if (session_id() == '') session_start();
// check if session variable is set
if (isset($_SESSION[$sname])) {
$t_old = $_SESSION[$sname];
$t_now = mktime();
// check if session expired
if ($t_now - $t_old > $max_idle_time) {
// wipe sessions
session_unset();
session_destroy();
$_SESSION = array();
// wipe cookies
foreach ($_COOKIE as $key => $value) setcookie($key, '',
time()-1);
$cleaned = true;
}
}
// create or refresh session
$_SESSION[$sname] = mktime();
return $cleaned;
}
// call funtion
if (session_check()) {
// echo 'Session was just cleaned...';
}
2 Comments:
hey.. thanks a lot.. your code was a great help on my current project...
keep it up...
Nice function. I added a twist that you might find useful. I made max_idle_time a global variable to be used the in the function and in creating a meta tag for the html header:
$refreshMetaTag = 'meta http-equiv="refresh" content="' . $max_idle_time . '; URL=expired.php"';
With this the user will not be in a situation where they are left on a page after their session is expired.
Post a Comment
Subscribe to Post Comments [Atom]
<< Home