J. Doe J. Doe - 10 months ago 34
PHP Question

Set $_SESSION["reverify"] if time is

I'm trying to create a script which sets

when 20 minutes have passed without activity on their account (such as page clicks).

Explanation about the
: When
is set to
, the user has to
reverify him or herself.

I have tried this:

$expire_stamp = date('Y-m-d H:i:s', strtotime("+20 min"));
$now_stamp = date("Y-m-d H:i:s");

if($now_stamp == $expire_stamp) {
$_SESSION["reverify"] == true;

But it's not a good script at all, and has so many downsides. Am I overthinking, or just being a noob? I can't get this right.

if (isset($_SESSION['loggedin_time']) && (time() - $_SESSION['loggedin_time'] > 120)) {
$_SESSION["reverify"] = true;

if(isset($_SESSION["reverify"]) && $_SESSION["reverify"] = true) {
header("Location: index.php?reverify=true");


Session timeout with session properties is not so good idea. The problem you are looking to crack has very good explaination at this link here.

This is answer to another question at stack overflow and is a good read

Hope this helps


$minutes_allowed    =   1;
$timeIn20Minutes = time() + $minutes_allowed*60; 

   $_SESSION['last_time_allowed']   =   $timeIn20Minutes;

    echo 'setting session';

if(time() >= $_SESSION['last_time_allowed']){
    echo 'session expired';
  echo 'session active';

Please see the code above works . You can test with this code, and thereafter integrate it in your workflow. Please see that this method though will not work after 19 January 2038 refered to as Y2k38 bug.