Reputation: 95
How can I set a certain time to destroy a session? Can anyone show me the right way to destroy session after 10 minutes? Here is my code:
Session authorization:
session_start();
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: index.php");
exit();
}
Session logout:
session_start();
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);
header("location: index.php");
Session login:
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_USER_ID'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['first_name'];
$_SESSION['SESS_LAST_NAME'] = $member['last_name'];
$_SESSION['SESS_USER_TYPE'] = $member['acc_type'];
session_write_close();
header("location: user_profile.php");
exit();
} else {
header("location: loginerr.php");
exit();
}
} else {
die("Query failed");
}
Upvotes: 2
Views: 165
Reputation: 360922
You can't, unless you roll your own session handling system. The default session cleanup system is run randomly. Every invocation of a PHP script that calls session_start()
has a chance of triggering the garbage collector.
When the GC fires up, it basically rolls through the session storage directory and looks for any files which haven't been accessed in more than the default expiry period, and deletes any that are "stale".
By definition, if a session is used (e.g. session_start()
is called and that particular session file gets loaded), then it cannot be stale and will not be deleted.
You'd need an external system to schedule the deletion, e.g. using the at
scheduler.
Upvotes: 2