Question:

How do you check to see if a session has timed out?

Summary:

I know that session_cache_expire only returns the value set to session.cache_expire in the php.ini file, so I don't believe that will help.

The session.cookie_lifetime value is set to zero as well.

[FONT=courier new]I know this has been discussed in other threads up to certain points, such as in the thread entitled ' i want my session to timeout after 10 minutes'.

I really don't want a JavaScript solution as suggested in that thread...[/FONT]

However is there a way to check if a session has timed out?

Pseudo Code:

if(session.timeout == true)
{
.... do something ....
}

Thoughts, suggestions or examples would be greatly appreciated!

Thank you.

    if you are using cookies and your session.cookie_lifetime is set to 0 (default) then the cookie will exist until the browser is closed. that's on the client side. on the server side, the session.gc_maxlifetime setting determines how many seconds before which PHP will consider a session "garbage" and will be flagged for deletion. you could simply use [man]filemtime[/man] on the seesion file to see when the last session activity was and then compare that to the session.gc_maxlifetime setting to see how soon it will become "garbage".

      devinemke: Thank you.

      Just to make sure I understand, when you said:

      you could simply use filemtime on the session file...

      What file to refer to as the session file? Do you mean the file that is saved in the session.save_path directory?

      What if you don't have a value specified for the session.save_path, such as no value?

      Thank you for your help!

        session files are plain ASCII text files stored in the directory specified in the session.save_path directive in php.ini (the dafault in /tmp). you can always check this at runtime using the [man]session_save_path[/man] function. the session files are all named "sess_" following by the session id (which is returned from [man]session_id[/man]). using these functions it becomes easy to determine the exact session file being used for a particular session.

          3 months later

          OK, to make sure I understand:

          When testing to see if a session has timed out, would you also have to check if the 'sess_*' file (in the specified PHP.ini temp. directory) was available as well?

          In other words, once the Zend engine has ran gc right before every session initialization; the 'sess_*' file was unavailable because it was deleted during gc.

          Thus, if you where trying to check the 'sess_*' file's last modified time with filemtime(), you would get an E_WARNING because the file is not there anymore.

          With that said, would the following logic work?

          /*
For testing purpose only
Run gc 99% of the time after 10 minutes
*/
ini_set('session.gc_probability', '99' );
ini_set('session.gc_divisor', '100' );
ini_set('session.gc_maxlifetime', '600');

session_start();

$sid =  session_start();
$sid_path = '/tmp/sess_'.$sid;	//UNIX - SUN Solaris

if (file_exists($sid_path))
{
	$s_timeout = (int) date("i", filemtime($sid_path));

if ((int) $s_timeout > 30) {
	$_SESSION=array();

	if (isset($_COOKIE[session_name()])) {
		setcookie(session_name(), '', time()-42000, '/');
	}

	session_destroy();
}
}
else
{
	$_SESSION=array();

if (isset($_COOKIE[session_name()])) {
	setcookie(session_name(), '', time()-42000, '/');
}

session_destroy();
}
            Write a Reply...