How can PHP developers ensure that session timeouts are properly enforced in an AJAX-driven application?
In an AJAX-driven application, PHP developers can enforce session timeouts by storing a timestamp in the session when the user logs in and checking it on each AJAX request to see whether the session has expired. While the session is still valid, the timestamp is refreshed on every request, so the timeout measures inactivity. If the session has expired, the user can be redirected to the login page.
<?php
// Start session
session_start();

// Set session timeout period in seconds
$session_timeout = 1800; // 30 minutes

// Check if user is logged in
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) {
    // Check if session has expired
    if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity']) > $session_timeout) {
        // Session has expired: clear the server-side session data so the old
        // session ID is no longer treated as logged in, then redirect to login page
        session_unset();
        session_destroy();
        header("Location: login.php");
        exit();
    }
    // Update last activity timestamp
    $_SESSION['last_activity'] = time();
} else {
    // User is not logged in, redirect to login page
    header("Location: login.php");
    exit();
}
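XMLHttpRequest and fetch follow a Location redirect transparently, so an AJAX caller receives the login page's HTML as its response instead of the browser navigating to it. The following is an added example, not code from the original answer, of the same idle-timeout check returning a 401 JSON response to AJAX callers. The function names, the JSON fields, the reliance on the X-Requested-With / Accept headers, and the assumption that login sets last_activity are all choices made for this illustration.

```php
<?php
// Added example: AJAX-aware idle-timeout guard (all names here are illustrative).
const IDLE_TIMEOUT = 1800; // same 30-minute window as the snippet above

// Pure decision function: classifies a session as anonymous, expired or active.
function session_decision(array $session, int $now, int $timeout = IDLE_TIMEOUT): string
{
    if (($session['logged_in'] ?? false) !== true) {
        return 'anonymous';
    }
    // Assumption: login sets last_activity, so a missing value is treated as expired.
    $last = $session['last_activity'] ?? null;
    if (!is_int($last) || ($now - $last) > $timeout) {
        return 'expired';
    }
    return 'active';
}

// Heuristic only: the client must send one of these headers. Omitting them
// just yields the redirect response; it does not bypass the timeout check.
function is_ajax_request(array $server): bool
{
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest'
        || stripos($server['HTTP_ACCEPT'] ?? '', 'application/json') !== false;
}

// Call at the top of every protected page and AJAX endpoint.
function enforce_session_timeout(): void
{
    session_start();
    $state = session_decision($_SESSION, time());
    if ($state === 'active') {
        $_SESSION['last_activity'] = time(); // sliding idle window
        return;
    }
    // Anonymous or expired: drop server-side state before responding.
    $_SESSION = [];
    session_destroy();
    if (is_ajax_request($_SERVER)) {
        // Explicit status the client script can test for, then navigate itself.
        http_response_code(401);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'session_' . $state, 'login' => 'login.php']);
    } else {
        header('Location: login.php');
    }
    exit();
}
```

On the client, the AJAX handler checks for status 401 and sets window.location to the returned login path.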