CodeIgniter Forums

Full Version: Expire Session When Not Active
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Sleepy

I would like to ask on how to automatically expired user session when it's not active?
I find out that CI never expire it's session and when I tried to make $config['sess_time_to_update'] lower than $config['sess_expiration']
it expired even if the user is actively using the web application.

Thanks in advance.
PHP Code:
$config['sess_expiration'] = 0// Session will expire on web browser close. 
(04-28-2017, 04:50 AM)arisroyo Wrote: [ -> ]Sleepy

I would like to ask on how to automatically expired user session when it's not active?
I find out that CI never expire it's session  and when I tried to  make $config['sess_time_to_update']  lower than $config['sess_expiration']
it expired even if the user is actively using the web application.

Thanks in advance.

Or maybe something like this in MY_Controller if yu like to kick out people who are inactive (=makes no requests):
http://stackoverflow.com/questions/91245...or-15-mins
Depends what you mean with "not active".
Thanks to both of you that helps a lot.

The logic is if user is keep using the web application the session must continue and if inactive for 15 minutes for the session should be expired even without closing the browser.

So I combine PHP.ini session configuration with CI session configuration

PHP.ini Session Configuration

session.gc_maxlifetime = 900 (15 minutes)

CodeIgniter Configuration

$config['sess_expiration'] = 900; (15 Minutes)
$config['sess_time_to_update'] = 450; (7 half minutes for update)
If you need to check the time then you would need to use a javascript timer event for check like that,
then you could just have the sessions not expire until browser close. If you need to keep them logged it
then you could do an autoload user on web site access using a remember me cookie.
I think you should be OK by setting time() in a sesssion on each request. Every new request compares time() with the timestamp you put in the session on the old request. If the diff is >15 min, kick the user out by destroying and unset the session, If the diff is < 1 min overwtire the session with the new time().
With database sessions, you could always do a delete query for timestamps older than X mins. Run this via cron every minute or whenever you feel like it.