How you 'expire' a session will depend on how your code stores a session and what behavior you mean exactly when you say 'expire.' In my case, I usually call [man]session_start[/man] in my code and then set some value in $_SESSION when a user logs in. Maybe something like this when a user successfully logs in:
// user successfully logged in and we fetched their user info from a database into array $user_info
session_start();
$_SESSION["user_logged_in"] = TRUE;
$_SESSION["current_user_id"] = $user_info["id"];
$_SESSION["current_username"] = $user_info["username"];
This relies on PHP's built-in session handling to store the session related data and maintain a session id. Understanding how sessions work in PHP takes a bit of effort to understand, but this would be time well spent because it's one of the most fundamental tasks you must perform to grant authenticated access to a web application.
If I want to 'log someone out' or forcibily end their session, I can empty these values out:
$_SESSION["user_logged_in"] = FALSE;
unset($_SESSION["current_user_id"]);
unset($_SESSION["current_username"]);
Or, if you want this session to automatically expire after some period of time, it will automatically do so according to the PHP setting session.cache_expire. You may consider reading the PHP documentation on sessions here:
http://php.net/manual/en/book.session.php
