PHPIntermediate

User Login Session Timeout Logout in PHP

PB Pb28 Master Team July 6th, 2023 Intermediate

📦 Get the complete source code for this tutorial

This PHP tutorial is used for setting user login session expiration time for the logged-in user. Once this time is elapsed, the user no longer accesses the authenticated pages of the application.

In the previous tutorial, we created session variables once a user logged in to our application.

This tutorial will add the current logged-in timestamp to a session. We check if the login session expiration time is reached using this timestamp. If so,  the user will be logged out.

View Demo

HTML code for User Login

This code is for showing the login form to the user.

user-login-session-timeout

php-template
<form name="frmUser" method="post" action="">

<?php if($message!="") { ?>

<div class="message"><?php echo $message; ?></div>

<?php } ?>

<table border="0" cellpadding="10" cellspacing="1" width="100%"

		class="tblLogin">

		<tr class="tableheader">

			<td align="center" colspan="2">Enter Login Details</td>

		</tr>

		<tr class="tablerow">

			<td align="right">Username</td>

			<td><input type="text" name="user_name"></td>

		</tr>

		<tr class="tablerow">

			<td align="right">Password</td>

			<td><input type="password" name="password"></td>

		</tr>

		<tr class="tableheader">

			<td align="center" colspan="2"><input type="submit" name="submit"

				value="Submit"></td>

		</tr>

	</table>

</form>

Creating User Login Session

In this code, we are adding a logged-in user id and logged-in time to a session variable. Then, we invoke a PHP function to check if the login session expiration time is elapsed.

The user will be redirected to the dashboard if it is not reached.

php
if(count($_POST)>0) {

	if( $_POST["user_name"] == "admin" and $_POST["password"] == "admin") {

		$_SESSION["user_id"] = 1001;

		$_SESSION["user_name"] = $_POST["user_name"];

		$_SESSION['loggedin_time'] = time();  

	} else {

		$message = "Invalid Username or Password!";

	}

}



if(isset($_SESSION["user_id"])) {

	if(!isLoginSessionExpired()) {

		header("Location:user_dashboard.php");

	} else {

		header("Location:logout.php?session_expired=1");

	}

}

PHP Function for Checking Login Session Timeout

This function will be invoked at the beginning of all authenticated pages. This function returns TRUE if the user login session is expired; FALSE otherwise.

php
function isLoginSessionExpired() {

	$login_session_duration = 10; 

	$current_time = time(); 

	if(isset($_SESSION['loggedin_time']) and isset($_SESSION["user_id"])){  

		if(((time() - $_SESSION['loggedin_time']) > $login_session_duration)){ 

			return true; 

		} 

	}

	return false;

}

User Login Session Expiration Logout

This logout.php page will “unset” the logged-in user session and check for the status of the session_expired flag. If it is set, then the login session timeout message will be displayed to the user.

php
session_start();

unset($_SESSION["user_id"]);

unset($_SESSION["user_name"]);

$url = "index.php";

if(isset($_GET["session_expired"])) {

	$url .= "?session_expired=" . $_GET["session_expired"];

}

header("Location:$url");

View Demo

📦 Download the full project files and try it locally