How can I make a session ID invalid after a certain period of time in PHP?
To make a session ID invalid after a certain period of time in PHP, you can set a session timeout and check the session creation time against the current time. If the session has been active for longer than the specified timeout, you can regenerate the session ID to invalidate the old one.
// Set session timeout (e.g. 30 minutes)
$session_timeout = 30 * 60; // 30 minutes in seconds
// Start or resume session
session_start();
// Check if session is active for longer than timeout
if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > $session_timeout)) {
// Regenerate session ID to invalidate old session
session_regenerate_id(true);
}
// Update last activity time
$_SESSION['last_activity'] = time();
Keywords
Related Questions
- How can XHTML validation be maintained when using nl2br() function in PHP for text formatting?
- What best practices should be followed when querying a database in PHP to prevent vulnerabilities?
- What are some common pitfalls when handling form submissions in PHP, such as sending unnecessary data in emails?