A Strict PHP Session Session Timeout Setting Method

Recently, an PHP project used the ability to restrict login time, such as automatically quitting after a user logged in to the system for 60 minutes if there is no operation. I searched the network and collected the following methods for reference.

The first method is to set the php.ini configuration file and session.gc_maxlifetime and session.cookie_lifetime node attribute value, of course ini_The set function changes the property value of the current context:

ini_set('session.gc_maxlifetime', "3600"); //  second 

ini_set("session.cookie_lifetime","3600"); //  second 

The second method is to set the Session timestamp, such as the following.

Set timestamp to 1 hour behind current time when login is successful, $_SESSION ['expiretime'] = time () + 3600;.Use the following code to check user login:

if(isset($_SESSION['expiretime'])) {

    if($_SESSION['expiretime'] < time()) {

        unset($_SESSION['expiretime']);

        header('Location: logout.php?TIMEOUT'); //  Logout 

        exit(0);

    } else {

        $_SESSION['expiretime'] = time() + 3600; //  Refresh timestamp 

    }

}

According to the article https://www.ofstack.com/article/52961.htm, we can combine the first and second methods to ultimately determine the session timeout.