What are the potential pitfalls of setting a session timeout in PHP?
Setting a session timeout in PHP can log users out unexpectedly once they have been inactive for the configured period. To avoid this, handle the timeout explicitly: warn users before logging them out and let them extend the session if needed.
<?php
// Set session timeout to 30 minutes (must be set before session_start())
ini_set('session.gc_maxlifetime', 1800);
session_start();

// Check if session is about to expire (more than 25 minutes idle) and prompt user to extend
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1500)) {
    echo "Your session is about to expire. Do you want to extend?";
    // Add logic to extend session if user confirms
}
// Record this request as the latest activity
$_SESSION['LAST_ACTIVITY'] = time();
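
A further pitfall is that `session.gc_maxlifetime` only marks session data as eligible for garbage collection, so an idle session can stay usable past 30 minutes unless the application checks the timestamp itself. The following is an added example, not code from the original page, that enforces the idle limit on each request and refreshes the timestamp in the warning window only when the user confirms; the function name `session_idle_state`, the two constants and the `extend` POST field are assumptions for illustration.

```php
<?php
// Added example: session_idle_state, IDLE_LIMIT, WARN_AFTER and the "extend"
// POST field are hypothetical names, not taken from the page.
const IDLE_LIMIT = 1800; // 30 minutes, same value as session.gc_maxlifetime above
const WARN_AFTER = 1500; // 25 minutes, the page's warning threshold

// Pure decision function, so the thresholds can be exercised without a live session.
function session_idle_state(?int $lastActivity, int $now): string
{
    if ($lastActivity === null) {
        return 'new';
    }
    $idle = $now - $lastActivity;
    if ($idle > IDLE_LIMIT) {
        return 'expired';
    }
    return $idle > WARN_AFTER ? 'warn' : 'active';
}

if (PHP_SAPI !== 'cli') {
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
    $state = session_idle_state($_SESSION['LAST_ACTIVITY'] ?? null, time());

    if ($state === 'expired') {
        // Enforce the timeout here; garbage collection may not have run yet.
        $_SESSION = [];
        session_destroy();
        http_response_code(401);
        exit('Session expired. Please log in again.');
    }
    if ($state === 'warn' && !isset($_POST['extend'])) {
        // Leave the timestamp alone until the user confirms the extension.
        echo 'Your session is about to expire. Do you want to extend?';
    } else {
        $_SESSION['LAST_ACTIVITY'] = time();
    }
} else {
    // Constructed sample idle times showing the three outcomes from the CLI.
    foreach ([100, 1600, 1900] as $idle) {
        echo $idle, 's idle => ', session_idle_state(1000000 - $idle, 1000000), PHP_EOL;
    }
}
```

Served over HTTP the script applies the policy to the real session; run from the command line it prints the state for each constructed idle time.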