What are the best practices for managing session IDs and user sessions when a browser window is closed in PHP?
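When a browser window is closed, the session ID and the user's session data may still exist on the server, and the ID remains usable until the session expires or is destroyed, which is a security risk. To manage this, implement a session timeout mechanism and make sure the session is properly destroyed after the browser window is closed. The server receives no signal when the window closes, so the idle-timeout check below is what enforces this.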
<?php
// Set session timeout to 30 minutes
ini_set('session.gc_maxlifetime', 1800);
session_start();
// Check if session exists and if it's expired
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    session_unset();
    session_destroy();
    // Start a fresh session under a new ID so the update below is stored
    session_start();
    session_regenerate_id(true);
}
// Update last activity time
$_SESSION['LAST_ACTIVITY'] = time();
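The following is an added example, not part of the original page, that extends the snippet above into a session bootstrap: a cookie the browser drops when it closes, the same 30-minute idle check, and a logout helper that also clears the cookie. The function names, the constants and the 8-hour absolute limit are assumptions, and it needs PHP 7.3 or later served over HTTPS.

```php
<?php
// Added example: function and constant names here are hypothetical.
const IDLE_TIMEOUT = 1800;      // 30 minutes, as in the snippet above
const ABSOLUTE_TIMEOUT = 28800; // assumed 8-hour cap on total session age

function start_secure_session(): void
{
    ini_set('session.gc_maxlifetime', (string) IDLE_TIMEOUT); // GC is probabilistic
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: the browser drops it on close
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    $now  = time();
    $idle = $now - ($_SESSION['LAST_ACTIVITY'] ?? $now);
    $age  = $now - ($_SESSION['CREATED'] ?? $now);
    if ($idle > IDLE_TIMEOUT || $age > ABSOLUTE_TIMEOUT) {
        // Expired: wipe the data and move to a new ID, deleting the old one.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['CREATED'] = $_SESSION['CREATED'] ?? $now;
    $_SESSION['LAST_ACTIVITY'] = $now;
}

function end_session(): void // call on explicit logout
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000, // in the past, so the browser deletes it
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

start_secure_session();
```

Call start_secure_session() before any output is sent, since it sets the session cookie header.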