W3docs
en
Log in

How to Modify Session Timeout in PHP

In this short snippet, we will represent to you how to modify the session time out with the help of PHP functions.

Tags

As a rule, sessions are kept for checking whether a particular user is active or not.

Once the user goes inactive and forgets to log out from the web page, it may cause security issues. By default, PHP session cookies expire when the browser closes, though server-side session data persists until garbage collection runs.

Here, you will learn how to start a session and how to modify it accurately using PHP.

Starting a Session

Now, let’s see how to start a session using PHP functions.

Use session_start()

If you want to start a session with PHP, you can use the <kbd class="highlighted">session_start()</kbd> function. The syntax to use is as follows:

php session_start

session_start();

Generate Session Variables

After starting a session, you can create session variables to use them in the future.

You can create and assign them as shown below.

  • Generate a session variable <kbd class="highlighted">'var1'</kbd> and assign the value of <kbd class="highlighted">3</kbd> to it:

php create a session variable

$_SESSION['var1']=3;
  • Assign a variable to the session:

assigning a php variable to session

$username="Michael";
$_SESSION['username']=$username;

Destroying the Variables and the Session

After creating the session and its variables, you can delete them.

If you want to clear all session variables, you can run this command:

php session_unset

session_unset();

To completely destroy the session, use:

php session_destroy

session_destroy();

Modifying the Session Timeout

Consider a login page with a "Login" button. When clicked, the session starts, variables are set, and the user is redirected to the homepage.

Let’s check out an example of the actions on the login page:

Note: header() calls must precede any output to avoid errors. In production, always validate input and verify the HTTP request method (e.g., $_SERVER['REQUEST_METHOD'] === 'POST').

php modify session on login page

<?php

// Session is starting
session_start();
$username = $_POST["username"];

if (isset($_POST["Login"])) {
  // Session Variables are created
  $_SESSION["user"] = $username;

  // Login time is stored within a session variable
  $_SESSION["login_time_stamp"] = time();
  header("Location:homepage.php");
}

?>

On the homepage, call <kbd class="highlighted">session_start()</kbd> to access session variables. Use time() to get the current timestamp. Compare it with the login timestamp; if the difference exceeds the desired timeout, destroy the session and redirect to the login page.

To better understand the homepage logic, see the example below:

php modify session on the homepage

<?php

session_start();

// To check if the session has begun
if (isset($_SESSION["user"])) {
  if (time() - $_SESSION["login_time_stamp"] > 600) {
    session_unset();
    session_destroy();
    header("Location:login.php");
  }
} else {
  header("Location:login.php");
}

?>

Note: For production environments, consider configuring session.gc_maxlifetime or session.cookie_lifetime in php.ini instead of manual timestamp checks.

The session_start() Function in PHP

This function starts a new session or resumes an existing one. When called, PHP invokes the configured session save handlers (either built-in or provided by extensions) to open and read session data.

To learn more about the <kbd class="highlighted">session_start</kbd> function, you can check out this source.