Destroying PHP Session after some minutes

Today am going to guild you how you can destroy PHP SESSION after 30 minutes.

Note that this short tutorial is very important in your website to avoid attackers staying longer on your webpage, using different method in other to inject some malware code in your database. or even breaking in with another person user detail.

The below code is what am using, so it is working perfectly.

STEPS.
1: In your login.php page where you have verified that the username and password in database marches POST username and password, use this code

<?php
//Creating now time so i can destroy session after 30 minute

    session_start();

    $_SESSION['luser'] = $username;

     $_SESSION['start'] = time(); // Taking now logged in time.

            // Ending a session in 30 minutes from the starting time.
            $_SESSION['expire'] = $_SESSION['start'] + (30 * 60);
           header("location:home.php");
?>

2: in the home.php use below code

<?php
    session_start();

    if (!isset($_SESSION['luser'])) {
        echo "Please Login again";
   //put link to login page

  }
    else {
        $now = time(); // Checking the time now when home page starts.

        if ($now > $_SESSION['expire']) {

          unset($_SESSION['luser']);
            session_destroy();
            echo "Your session has expired! <a href='http://localhost/somefolder/login.php'>Login here</a>";
        }
        else { //Starting this else one [else1]
?>
            <!-- From here all HTML coding can be done -->
            <html>
                Welcome
                <?php
                    echo $_SESSION['luser'];
                  
                ?>
            </html>
<?php
        }
    }
?>

LOOK HERE: If you want to test this code without waiting for 30 minutes. just edit the above code
where you have (30 * 60) to (3*6). that will help you in fast testing. after you can adjust the code to original.

Drop your comments if you have question or to say thank.

SHARE THIS POST