can I add a cookie logout to this script?

Question

I'm using this script to login users and I want to know if I can add a simple cookie that will automatically logout the user after 30 mins of inactivity.

...
if($count){
        session_start();
       session_regenerate_id();
        $_SESSION['SESS_USERNAME'] = $myusername;
        $_SESSION['SESS_PASSWORD'] = $mypassword;
        session_write_close();
       header("location: login_success.php");
        }

which connects to:

<?php
 session_start();
 if(!isset($_SESSION['SESS_USERNAME']) || !isset($_SESSION['SESS_PASSWORD']) ||     (trim($_SESSION['SESS_USERNAME']) == '')) {
            //someone's not logged in
    header("location: index.php"); //it's suppose to actually be there
            exit();
  }
 ?>

then to end the session:

<?php 
session_start();
session_destroy();
?> 

is this possible? this script is off the net, as I don't know a lot about PHP just a bit, so if its difficult I won't bother!

Thanks for your time!

Answer 1

$_SESSION['expiry'] = time() + 30 * 60;

if ($_SESSION['expiry'] < time()) {
    session_destroy();
}

Answer 2

Sessions are automatically expired after a while -- which will cause your inactive user to be logged-out.

For the duration, see the session.gc_maxlifetime directive : you'll want to set it to 1800 seconds.

This can be done in your php.ini file, for a server-wide configuration, or using the following line of code :

ini_set('session.gc_maxlifetime', 1800);

Answer 3

You can issue the following command at the top of your script to set the timeout:

ini_set('session.gc_maxlifetime', 30*60); // for 30 min timeout

See the manual page for more information. After the time period PHP will automatically garbage collect the sessions.