User Login Session Timeout Logout in PHP

This PHP tutorial is used for setting user login session expiration time for the logged-in user. Once, this time is elapsed then the user no longer access the authenticated pages of the application. In previous tutorial, we have created session variables once an user logged in to our application.

In this tutorial we are going to add current logged-in timestamp to a session. Using this timestamp we are checking if the login session expiration time is reached. If so,  the user will be logged out.

View DemoDownload

user-login-session-timeout

HTML code for User Login

This code is for showing login form to the user.

<form name="frmUser" method="post" action="">
<?php if($message!="") { ?>
<div class="message"><?php echo $message; ?></div>
<?php } ?>
<table border="0" cellpadding="10" cellspacing="1" width="100%" class="tblLogin">
<tr class="tableheader">
<td align="center" colspan="2">Enter Login Details</td>
</tr>
<tr class="tablerow">
<td align="right">Username</td>
<td><input type="text" name="user_name"></td>
</tr>
<tr class="tablerow">
<td align="right">Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr class="tableheader">
<td align="center" colspan="2"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>

Creating User Login Session

In this code we are adding logged-in user id and logged-in time to a session variable. Then, we are invoking a PHP function to check if the login session expiration time is elapsed. If it is not reached, then the user will be redirected to the dashboard.

if(count($_POST)>0) {
	if( $_POST["user_name"] == "admin" and $_POST["password"] == "admin") {
		$_SESSION["user_id"] = 1001;
		$_SESSION["user_name"] = $_POST["user_name"];
		$_SESSION['loggedin_time'] = time();  
	} else {
		$message = "Invalid Username or Password!";
	}
}

if(isset($_SESSION["user_id"])) {
	if(!isLoginSessionExpired()) {
		header("Location:user_dashboard.php");
	} else {
		header("Location:logout.php?session_expired=1");
	}
}

PHP Function for Checking Login Session Timeout

This function will be invoked at the begining of all authenticated pages. This function returns TRUE if the user login session is expired, FALSE otherwise.

function isLoginSessionExpired() {
	$login_session_duration = 10; 
	$current_time = time(); 
	if(isset($_SESSION['loggedin_time']) and isset($_SESSION["user_id"])){  
		if(((time() - $_SESSION['loggedin_time']) > $login_session_duration)){ 
			return true; 
		} 
	}
	return false;
}

User Login Session Expiration Logout

This logout.php page will unset logged-in user session and check for the status of session_expired flag. If it is set, then the login session timeout message will be displayed to the user.

session_start();
unset($_SESSION["user_id"]);
unset($_SESSION["user_name"]);
$url = "index.php";
if(isset($_GET["session_expired"])) {
	$url .= "?session_expired=" . $_GET["session_expired"];
}
header("Location:$url");

View DemoDownload

This PHP code tutorial was published on November 24, 2014.

↑ Back to Top