J. Doe J. Doe - 6 months ago 11
PHP Question

Set $_SESSION["reverify"] if time is

I'm trying to create a script which sets

$_SESSION["reverify"]
to
TRUE
when 20 minutes have passed without activity on their account (such as page clicks).


Explanation about the
$_SESSION
: When
$_SESSION["reverify"]
is set to
TRUE
, the user has to
reverify him or herself.


I have tried this:

$expire_stamp = date('Y-m-d H:i:s', strtotime("+20 min"));
$now_stamp = date("Y-m-d H:i:s");

if($now_stamp == $expire_stamp) {
$_SESSION["reverify"] == true;
}


But it's not a good script at all, and has so many downsides. Am I overthinking, or just being a noob? I can't get this right.




if (isset($_SESSION['loggedin_time']) && (time() - $_SESSION['loggedin_time'] > 120)) {
$_SESSION["reverify"] = true;
}

if(isset($_SESSION["reverify"]) && $_SESSION["reverify"] = true) {
header("Location: index.php?reverify=true");
}

Answer

Session timeout with session properties is not so good idea. The problem you are looking to crack has very good explaination at this link here.

This is answer to another question at stack overflow and is a good read

Hope this helps

<?php
session_start();

$minutes_allowed    =   1;
$timeIn20Minutes = time() + $minutes_allowed*60; 

if(!isset($_SESSION['last_time_allowed'])){
   $_SESSION['last_time_allowed']   =   $timeIn20Minutes;

    echo 'setting session';
    die();
}

if(time() >= $_SESSION['last_time_allowed']){
    echo 'session expired';
}
else{
  echo 'session active';
}
?>

Please see the code above works . You can test with this code, and thereafter integrate it in your workflow. Please see that this method though will not work after 19 January 2038 refered to as Y2k38 bug.