How to Modify Session Timeout in PHP

As a rule, sessions are kept for checking whether a particular user is active or not.

If a user goes inactive and forgets to log out of the web page, this may cause security issues. By default, the PHP session gets destroyed once the browser is closed.

Here, you will learn how to start a session and how to modify its timeout using PHP.

Starting a Session

Now, let’s see how to start a session using PHP functions.

Use session_start()

If you want to start a session with PHP, you can use the session_start() function. The syntax to use is as follows:

session_start();

Generate Session Variables

After starting a session, you can create session variables for later use.

You can create them and assign values to them as shown below.

  • Generate a session variable 'var1' and assign the value of 3 to it:
$_SESSION['var1']=3;
  • Assign a variable to the session:
$username="Michael";
$_SESSION['username']=$username;

Destroying the Variables and the Session

After creating the session and its variables, you can delete them.

If you want to delete all the variables of the current session, you can call this function:

session_unset();

To destroy the session completely, call:

session_destroy();

Modifying the Session Timeout

Imagine a login page with a "Login" button. When the user clicks that button, the session begins and the session variables are set, including one that stores the login time. The user is then redirected to the home page.

Let’s check out an example of the actions on the login page:

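<?php

// Start (or resume) the session
session_start();

if (isset($_POST["Login"])) {
  // Read the submitted username only after the form has been posted
  $username = $_POST["username"] ?? "";

  // Issue a fresh session ID at login so a pre-login ID cannot be reused
  session_regenerate_id(true);

  // Session variables are created
  $_SESSION["user"] = $username;

  // Login time is stored within a session variable
  $_SESSION["login_time_stamp"] = time();
  header("Location: homepage.php");
  exit; // stop the script so nothing else runs after the redirect
}

?>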

To keep the session on the home page, call the session_start() function there as well. It makes the session variables available on that page. To get the current time, use the time() function. The difference between the current time and the session variable set at the moment of login must not exceed the desired timeout. Once it does, the session is destroyed and the user is redirected to the login page.

For a better perception of what is happening on the home page, check out the example below:

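<?php

session_start();

// Check whether a logged-in session exists
if (isset($_SESSION["user"], $_SESSION["login_time_stamp"])) {
  // End the session once more than 600 seconds (10 minutes) have passed since login
  if (time() - $_SESSION["login_time_stamp"] > 600) {
    session_unset();
    session_destroy();
    header("Location: login.php");
    exit; // stop the script so the protected page is not rendered
  }
} else {
  header("Location: login.php");
  exit;
}

?>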
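
The home page check above measures the time since login only. As an added example that is not part of the original page, the guard below goes a step further: it enforces both an idle timeout and an absolute session age, and it expires the session cookie when the session ends. The `last_activity` key, the two function names and the 8-hour `ABSOLUTE_LIMIT` are assumptions made for this example.

```php
<?php
// Added example: idle + absolute timeout guard for a protected page.
// 'user' and 'login_time_stamp' come from the page; 'last_activity' is hypothetical.

const IDLE_LIMIT = 600;        // seconds of inactivity allowed (the page's 600)
const ABSOLUTE_LIMIT = 28800;  // assumed cap on total session age (8 hours)

// Returns null while the session is valid, or the reason it must end.
function session_expiry_reason(array $session, int $now): ?string
{
    if (!isset($session['user'], $session['login_time_stamp'])) {
        return 'not_logged_in';
    }
    if ($now - $session['login_time_stamp'] > ABSOLUTE_LIMIT) {
        return 'absolute_timeout';
    }
    // Fall back to the login time if no activity has been recorded yet.
    $last = $session['last_activity'] ?? $session['login_time_stamp'];
    if ($now - $last > IDLE_LIMIT) {
        return 'idle_timeout';
    }
    return null;
}

// Clears the server-side data and expires the session cookie in the browser.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
$reason = session_expiry_reason($_SESSION, time());
if ($reason !== null) {
    end_session();
    header('Location: login.php');
    exit; // nothing below may run for an expired or anonymous session
}
$_SESSION['last_activity'] = time(); // slide the idle window on each request
```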

The session_start() Function in PHP

This PHP function is used for starting a new session or resuming an existing one. When session_start() is called, PHP calls the open and read session save handlers. These can be either a built-in save handler, which is provided by default, or one provided by PHP extensions.

To learn more about the session_start function, you can check out this source.