What are the best practices for handling session timeouts in PHP to ensure security and user experience?

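Session timeouts matter for security because they limit how long an unattended or abandoned session can be used to gain unauthorized access to a user's session data. For a good user experience, handle expiry gracefully: redirect the user to a login page or display a message when their session expires. Note that `session.gc_maxlifetime` only controls when PHP's garbage collector may delete session data, and collection runs probabilistically, so the explicit `LAST_ACTIVITY` check below is what actually enforces the timeout.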

<?php
// Idle timeout in seconds (30 minutes)
$timeout = 1800;

// Let the garbage collector remove session data older than the timeout.
// This must be set before session_start().
ini_set('session.gc_maxlifetime', $timeout);

// Start the session
session_start();

// Check whether the session has been idle for longer than the timeout
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $timeout)) {
    // Session expired, destroy session and redirect to login page
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit;
}

// Update last activity time stamp
$_SESSION['LAST_ACTIVITY'] = time();
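
The following is an added example, not part of the original answer, that goes beyond the idle check above: it adds an absolute lifetime, periodic session ID rotation, and removal of the browser's session cookie on expiry. The function names, the `CREATED` and `LAST_ROTATION` keys, the `expired=1` query parameter and the 8-hour and 5-minute values are assumptions; it requires PHP 7.4+ and an HTTPS site (the cookie is marked `secure`).

```php
<?php
// Added example. Policy values below are assumptions; tune per application.
const IDLE_TIMEOUT     = 1800;  // 30 minutes without activity (the page's value)
const ABSOLUTE_TIMEOUT = 28800; // 8 hours since the session was created
const ROTATE_EVERY     = 300;   // issue a new session ID every 5 minutes

// Pure decision helper (hypothetical name): returns 'expired', 'rotate' or 'ok'.
function session_state(array $s, int $now): string
{
    if (isset($s['LAST_ACTIVITY']) && $now - $s['LAST_ACTIVITY'] > IDLE_TIMEOUT) {
        return 'expired';                      // idle for too long
    }
    if (isset($s['CREATED']) && $now - $s['CREATED'] > ABSOLUTE_TIMEOUT) {
        return 'expired';                      // too old, even if still active
    }
    if (isset($s['LAST_ROTATION']) && $now - $s['LAST_ROTATION'] > ROTATE_EVERY) {
        return 'rotate';
    }
    return 'ok';
}

function enforce_session_timeout(string $loginUrl = 'login.php?expired=1'): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.gc_maxlifetime', (string) IDLE_TIMEOUT);
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();

    $now   = time();
    $state = session_state($_SESSION, $now);
    if ($state === 'expired') {
        $_SESSION = [];
        $p = session_get_cookie_params();
        // Expire the cookie in the browser, not just the data on the server.
        setcookie(session_name(), '', ['expires' => $now - 42000, 'path' => $p['path'],
            'domain' => $p['domain'], 'secure' => $p['secure'],
            'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
        session_destroy();
        header('Location: ' . $loginUrl);      // login page can show an "expired" notice
        exit;
    }
    if ($state === 'rotate') {
        session_regenerate_id(true);           // new ID, old session data deleted
        $_SESSION['LAST_ROTATION'] = $now;
    }
    $_SESSION['CREATED']       ??= $now;
    $_SESSION['LAST_ROTATION'] ??= $now;
    $_SESSION['LAST_ACTIVITY']   = $now;
}
```

Call `enforce_session_timeout()` at the top of every protected page, before any output is sent, so the cookie and redirect headers can still be written.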