PHP already has a session.gc_maxlifetime
parameter, which can be changed.
Edit PHP.ini:
session.gc_maxlifetime = 1800
This will expire the session after 1800 seconds (30 minutes).
Verify that the session exists:
So just check if the session exists:
<?php
if(isset($_SESSION['sua_sessao'])){
// Se houver sessão - OK
}else{
header('location: logout.php');
// Se não houver - Redireciona para logout.php
}
?>
The session will expire in 30 minutes and will redirect to logout.php.
Problems and fixes:
Suppose a user NEVER logged in, if he accesses the page he will be redirected to logout.php, because he also does not have a session, which in my opinion would be wrong.
So create a cookie when you log in and check as follows:
<?php
//...
}else{
if(isset($_COOKIE['login'])){
// Se existe o cookie, que já indica que o usuário já se conectou alguma vez
header('location: logout.php');
// Redireciona para logout.
}else{
// Se o visitante caiu de paraquedas na página e nunca fez o login
header('location: login.php');
// Redireciona para o login.
}
?>