A Strict PHP Session Session Timeout Setting Method
- 2021-06-28 11:57:20
- OfStack
Recently, an PHP project used the ability to restrict login time, such as automatically quitting after a user logged in to the system for 60 minutes if there is no operation. I searched the network and collected the following methods for reference.
The first method is to set the php.ini configuration file and session.gc_maxlifetime and session.cookie_lifetime node attribute value, of course ini_The set function changes the property value of the current context:
ini_set('session.gc_maxlifetime', "3600"); // second
ini_set("session.cookie_lifetime","3600"); // second
The second method is to set the Session timestamp, such as the following.
Set timestamp to 1 hour behind current time when login is successful, $_SESSION ['expiretime'] = time () + 3600;.Use the following code to check user login:
if(isset($_SESSION['expiretime'])) {
if($_SESSION['expiretime'] < time()) {
unset($_SESSION['expiretime']);
header('Location: logout.php?TIMEOUT'); // Logout
exit(0);
} else {
$_SESSION['expiretime'] = time() + 3600; // Refresh timestamp
}
}
According to the article https://www.ofstack.com/article/52961.htm, we can combine the first and second methods to ultimately determine the session timeout.