You might sometimes wonder why when you log in to a certain website and you inactively perform any task after logging in and then you try to navigate to a particular section in the website you are directed to the login page and yet you had logged in some few minutes ago.
The redirection back to the login page is because of session timeout and varies from one website to another.
A session is that uniqueness that identifies you as the same person throughout the website and allows you to access the content of specific web pages. Sessions are used in web applications to check whether the user is active or not therefore the reason you see you are required to log in after a certain period of inactiveness
The good thing with sessions is that as long as you are active or navigating on a website throughout, the session will not timeout or expire meaning it can last to infinity.
In this article, we shall cover how to start a session in PHP, how to destroy a session in PHP, how to increase session timeout in PHP, and also the variables that are involved while working with sessions in PHP
How to start a session in PHP
Like we have said above, sessions do not automatically appear, they are created and assigned a unique value or id to identify the user who is active. The reason why they are assigned unique id’s is to avoid conflict and confusion whenever there is more than one user who is active in the same web application at the same time.
While starting a session in PHP, we use the start session function as shown below
The session start function starts a new session or continues with the already existing one if you visit a new page from a page that had a session defined
The session start function creates a unique id for the user who is currently in the web
How to assign variables to a session
We do assign variables to a session so that we can uniquely match with the records that we have in the website application. For example, during login we usually need to identify which user specifically has been granted access and we use the username the user has entered and assign it to the session so that when we want to fetch the records of the user, we can relate easily
We use the $_SESSION['name_of_the_session'] and assign the variable as follows
//a real example
How to destroy a session in PHP
This happens when you want to logout from an application whereby you tell the system to unlink you from the list of current sessions
To do this, you must define the session that you want to destroy or unset
First, you call the unset function with the session that is active and then follow it with the session destroy function, and then you can decide to redirect the user to another page, for example, the login page to give way for another user to log in
To destroy a session code is as shown
How to increase session timeout in PHP
This is done mostly to increase the inactive time for a user before redirecting the user back to the login page
Lets use an example of adding the session time with 20 minutes
$_SESSION['auth'] = true; // allow session authentication by setting it to true
$_SESSION['start'] = time(); // the current start time of the session
$_SESSION['expire'] = $_SESSION['start'] + (20 * 60); // setting the expiry time to current time added 20 minutes
To determine whether the session of the user has expired we check whether the current time is greater than the session expire time value. If it is, we destroy the session, else we continue maintaining the current session
$_SESSION['auth'] = true;
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + (20 * 60);
Unset and destroy session
Session to continue
That is how we work with sessions in PHP, how you have learned. Let us know if you need more elaborations.