Instead of searching for files (which is associated with a large number of I/O operations), etc. What is a session cookie: Session Cookie
It is best to store the timestamp of the "most recent activity" in the $_SESSION variable and to update the session data on each request (including automatic periodic AJAX calls, if any).
Suppose you want to expire a session after 10 minutes:
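    // Drop the session if the last request was more than 600 seconds ago.
    if (isset($_SESSION['most_recent_activity']) &&
        (time() - $_SESSION['most_recent_activity'] > 600)) {
        session_unset();   // clear $_SESSION while the session is still active
        session_destroy(); // then delete the stored session data
    }
    $_SESSION['most_recent_activity'] = time(); // record this request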
To avoid attacks such as session fixation (an attack that allows an attacker to capture a real user's session), regenerate the session ID periodically, say every 5 minutes (I would suggest making the regeneration interval, as well as the session expiration time, a little longer). A more detailed list of attacks: a list of attacks.
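    if (!isset($_SESSION['CREATED'])) {
        $_SESSION['CREATED'] = time(); // first request: remember when the ID was issued
    }
    else if (time() - $_SESSION['CREATED'] > 600) {
        session_regenerate_id(true);   // issue a new ID and delete the old session data
        $_SESSION['CREATED'] = time(); // restart the regeneration timer
    }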
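The two checks above combined into one per-request guard, as an added example that is not code from the original page. The names IDLE_LIMIT, ROTATE_AFTER, session_policy() and apply_session_policy() and the 300-second rotation interval are assumptions; the decision is kept in a pure function so it can be run over a constructed timeline without a live session.

```php
<?php
// Added example: all names below are hypothetical, not from the original page.
const IDLE_LIMIT   = 600; // seconds of inactivity before the session is dropped
const ROTATE_AFTER = 300; // seconds between session ID regenerations (assumed)

// Pure decision: what should happen to a session holding $data at time $now?
function session_policy(array $data, int $now): string
{
    if (isset($data['most_recent_activity'])
        && $now - $data['most_recent_activity'] > IDLE_LIMIT) {
        return 'expire';
    }
    if (!isset($data['CREATED'])) {
        return 'init';
    }
    return ($now - $data['CREATED'] > ROTATE_AFTER) ? 'rotate' : 'keep';
}

// Apply the decision to the live session; call at the top of every request.
function apply_session_policy(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $now = time();
    $action = session_policy($_SESSION, $now);
    if ($action === 'expire') {
        session_unset();             // clear data while the session is active
        session_destroy();           // delete the server-side record
        session_start();             // continue with an empty session
        session_regenerate_id(true); // do not reuse the ID from the old cookie
        $_SESSION['CREATED'] = $now;
    } elseif ($action === 'init') {
        $_SESSION['CREATED'] = $now;
    } elseif ($action === 'rotate') {
        session_regenerate_id(true); // true: delete the old session record
        $_SESSION['CREATED'] = $now;
    }
    $_SESSION['most_recent_activity'] = $now;
    return $action;
}

// Constructed timeline: ID issued at t=0, last request seen at t=200.
$sample = ['CREATED' => 0, 'most_recent_activity' => 200];
foreach ([250, 400, 801] as $t) {
    echo "t=$t: ", session_policy($sample, $t), "\n";
}
```

The idle check runs before the rotation check so that a stale session is discarded rather than handed a fresh ID.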
, , session.gc-maxlifetime , .
    ini_set('session.gc_maxlifetime', 600);
php.ini.
session.cookie_lifetime:
session.cookie_lifetime cookie , .
, , , . session.cookie_lifetime 0 , cookie , cookie i.e, cookie .
, .
, , !: PHP 30 ?