PHP Session Destroy after 30 Minutes

PHP has a core function session_destroy() to clear all the session values. It is a simple no-argument function that returns a boolean true or false.

The PHP session ID is stored in a cookie by default. Generally that session cookie file is name PHPSESSID. The session_destroy function will not unset the session id in the cookie.

View Demo

To destroy the session ‘completely’, the session ID must also be unset.

This quick example uses session_destroy() to destroy the session. It uses the set_cookie() method to kill the entirety by expiring the PHP session ID.

<?php
// Always remember to initialize the session,
// even before attempting to destroy it.

// Destroy all the session variables.
$_SESSION = array();

// delete the session cookie also to destroy the session
if (ini_get("session.use_cookies")) {
    $cookieParam = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $cookieParam["path"], $cookieParam["domain"], $cookieParam["secure"], $cookieParam["httponly"]);
}

// as a last step, destroy the session.
session_destroy();

Note:

1. Use session_start() to reinitiate the session after the PHP session destroy.
2. Use PHP $_SESSION to unset a particular session variable. For an older PHP version, use session_unset().

About this login session_destroy() example

Let’s create a login example code to use PHP session, session_destroy and all. It allows users to login and logout from the current session. Use this code if you are looking for a complete user registration and login in PHP script.

This example provides an automatic login session expiry feature.

Landing page with a login form

This form posts the username and the password entered by the user. It verifies the login credentials in PHP.

On successful login, it stores the logged-in state into a PHP session. It sets the expiry time to 30 minutes from the last login time.

It stores the last login time and the expiry time into the PHP session. These two session variables are used to expire the session automatically.

login.php

<?php
session_start();
$expirtyMinutes = 1;
?>
<html>
<head>
<title>PHP Session Destroy after 30 Minutes</title>
<link rel='stylesheet' href='style.css' type='text/css' />
<link rel='stylesheet' href='form.css' type='text/css' />
</head>
<body>
    <div class="phppot-container">
        <h1>Login</h1>
        <form name="login-form" method="post">
            <table>
                <tr>
                    <td>Username</td>
                    <td><input type="text" name="username"></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td><input type="password" name="password"></td>
                </tr>
                <tr>
                    <td><input type="submit" value="Sign in"
                        name="submit"></td>
                </tr>
            </table>
        </form>
<?php
if (isset($_POST['submit'])) {
    $usernameRef = "admin";
    $passwordRef = "test";
    $username = $_POST['username'];
    $password = $_POST['password'];

    // here in this example code focus is session destroy / expiry only
    // refer for registration and login code https://phppot.com/php/user-registration-in-php-with-login-form-with-mysql-and-code-download/
    if ($usernameRef == $username && $passwordRef == $password) {
        $_SESSION['login-user'] = $username;
        // login time is stored as reference
        $_SESSION['ref-time'] = time();
        // Storing the logged in time.
        // Expiring session in 30 minutes from the login time.
        // See this is 30 minutes from login time. It is not 'last active time'.
        // If you want to expire after last active time, then this time needs
        // to be updated after every use of the system.
        // you can adjust $expirtyMinutes as per your need
        // for testing this code, change it to 1, so that the session
        // will expire in one minute
        // set the expiry time and
        $_SESSION['expiry-time'] = time() + ($expirtyMinutes * 60);
        // redirect to home
        // do not include home page, it should be a redirect
        header('Location: home.php');
    } else {
        echo "Wrong username or password. Try again!";
    }
}
?>
</div>
</body>
</html>

Dashboard validates PHP login session and displays login, and logout links

This is the target page redirected after login. It shows the logout link if the logged-in session exists.

Once timeout, it calls the destroy-session.php code to destroy all the sessions.

If the 30 minutes expiry time is reached or the session is empty, it asks the user to log in.

home.php

<?php
session_start();
?>
<html>
<head>
<title>PHP Session Destroy after 30 Minutes</title>
<link rel='stylesheet' href='style.css' type='text/css' />
<link rel='stylesheet' href='form.css' type='text/css' />
</head>
<body>
    <div class="phppot-container">
<?php
if (! isset($_SESSION['login-user'])) {
    echo "Login again!<br><br>";
    echo "<a href='login.php'>Login</a>";
} else {
    $currentTime = time();
    if ($currentTime > $_SESSION['expiry-time']) {
        require_once __DIR__ . '/destroy-session.php';
        echo "Session expired!<br><br><a href='login.php'>Login</a>";
    } else {
        ?>
        <h1>Welcome <?php echo $_SESSION['login-user'];?>!</h1>
        <a href='logout.php'>Log out</a>
<?php
    }
}
?>
</div>
</body>
</html>

This PHP code is used for users who want to log out before the session expiry time.

It destroys the session by requiring the destroy-session.php code. Then, it redirects the user to the login page.

logout.php

<?php
session_start();
require_once __DIR__ . '/destroy-session.php';
header('Location: login.php');
?>

I hope this example helps to understand how to destroy PHP sessions. And also, this is a perfect scenario that is suitable for explaining the need of destroying the session.
View Demo Download

Written by Vincy, a web developer with 15+ years of experience and a Masters degree in Computer Science. She specializes in building modern, lightweight websites using PHP, JavaScript, React, and related technologies. Phppot helps you in mastering web development through over a decade of publishing quality tutorials.

↑ Back to Top

• PHP
  • Learn PHP
  • PHP Introduction
  • PHP Basics
    • PHP Delimiters
    • How to Get the Client User IP Address in PHP
    • PHP CURL Post and Get request with example
    • PHP Hello World
    • PHP Print Statements
    • PHP Comments
    • PHP Constants
    • PHP If Else Statement
    • PHP Loops
    • PHP Session Destroy after 30 Minutes
    • foreach in PHP
    • PHP Redirect
    • How to Create Zip Files using PHP ZipArchive and Download
    • PHP include() Vs require()
    • PHP unlink() Vs unset()
    • PHP Namespace
    • How to Generate PHP Random String Token (8 Ways)
    • PHP Validate Email using filter_validate_email and regex
  • PHP Shopping Cart
  • Payment Gateway
  • Contact Form
  • PHP Login Registration
  • Comments System
  • Types, Variables & Operators
  • PHP Strings
  • PHP Arrays
  • PHP Functions
  • PHP OOPS
  • Event Management System
  • PHP Mail
  • PHP Forms
  • Advanced
  • PHP AJAX
  • RESTful API
  • PHP Databases
  • PHP Sessions and Cookies
  • Error and Exception Handling
  • File Upload
  • File Import Export
  • Files and Directories
  • PHP Date Time
  • PHP XML
  • PHP CSV
  • PHP JSON
  • PHP Code Samples
  • Library
  • PHP Freelancer
• jQuery
• JavaScript
• WordPress
• MySQL
• CSS

• Share
• Tweet
• Share

1. Simple PHP Shopping Cart
2. Stripe Payment Gateway Integration using PHP
3. User Registration in PHP with Login: Form with MySQL and Code Download
4. PHP Contact Form
5. How to Create Dynamic Stacked Bar, Doughnut and Pie charts in PHP with Chart.js