how to increase session timeout in php?

We are going to add current logged-in timestamp to a session. Using this timestamp we are checking if the login session expiration time is reached. If so, the user will be logged out.

HTML code for User Login

This code is for showing login form to the user.

<form name="frmUser" method="post" action="">
<?php if($message!="") { ?>
<div class="message"><?php echo $message; ?></div>
<?php } ?>
<table border="0" cellpadding="10" cellspacing="1" width="100%" class="tblLogin">
<tr class="tableheader">
<td align="center" colspan="2">Enter Login Details</td>
</tr>
<tr class="tablerow">
<td align="right">Username</td>
<td><input type="text" name="user_name"></td>
</tr>
<tr class="tablerow">
<td align="right">Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr class="tableheader">
<td align="center" colspan="2"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>

Creating User Login Session:
In this code we are adding logged-in user id and logged-in time to a session variable. Then, we are invoking a PHP function to check if the login session expiration time is elapsed. If it is not reached, then the user will be redirected to the dashboard.

if(count($_POST)>0) {
 if( $_POST["user_name"] == "admin" and $_POST["password"] == "admin") {
 $_SESSION["user_id"] = 1001;
 $_SESSION["user_name"] = $_POST["user_name"];
 $_SESSION['loggedin_time'] = time(); 
 } else {
 $message = "Invalid Username or Password!";
 }
}

if(isset($_SESSION["user_id"])) {
 if(!isLoginSessionExpired()) {
 header("Location:user_dashboard.php");
 } else {
 header("Location:logout.php?session_expired=1");
 }
}

PHP Function for Checking Login Session Timeout
This function will be invoked at the begining of all authenticated pages. This function returns TRUE if the user login session is expired, FALSE otherwise.

function isLoginSessionExpired() {
 $login_session_duration = 10; 
 $current_time = time(); 
 if(isset($_SESSION['loggedin_time']) and isset($_SESSION["user_id"])){ 
 if(((time() - $_SESSION['loggedin_time']) > $login_session_duration)){ 
 return true; 
 } 
 }
 return false;
}

User Login Session Expiration Logout
This logout.php page will unset logged-in user session and check for the status of session_expired flag. If it is set, then the login session timeout message will be displayed to the user.

session_start();
unset($_SESSION["user_id"]);
unset($_SESSION["user_name"]);
$url = "index.php";
if(isset($_GET["session_expired"])) {
 $url .= "?session_expired=" . $_GET["session_expired"];
}
header("Location:$url");

Try to use this part of code:
You using php Sessions on my website and it seems like they are “disappearing” at random intervals. You don’t know if they are timing out due to inactivity or if something is wrong with my code, but is there some way to control the sessions of when they expire?

session_start();
  $inactive = 600;
  $session_life = time() - $_SESSION['timeout'];
  if($session_life > $inactive) { 
     session_destroy(); 
     header("Location: logoutpage.php"); 
  }
  $_SESSION['timeout']=time();

There is an example of (1) in the documentation for session_set_save_handler(). The example is long but I’ll reproduce it here, with the relevant modifications necessary to extend the session duration. Note the inclusion of session_set_cookie_params() to increase the cookie lifetime as well.

<?php
 class FileSessionHandler

private $savePath;
 private $lifetime;

function open($savePath, $sessionName)
 {
 $this->savePath = 'my_savepath'; // Ignore savepath and use our own to keep it safe from automatic GC
 $this->lifetime = 3600; // 1 hour minimum session duration
 if (!is_dir($this->savePath)) {
 mkdir($this->savePath, 0777);
 }

return true;
 }

function close()
 {
 return true;
 }

function read($id)
 {
 return (string)@file_get_contents("$this->savePath/sess_$id");
 }

function write($id, $data)
 {
 return file_put_contents("$this->savePath/sess_$id", $data) === false ? false : true;
 }

function destroy($id)
 {
 $file = "$this->savePath/sess_$id";
 if (file_exists($file)) {
 unlink($file);
 }

return true;
 }

function gc($maxlifetime)
 {
 foreach (glob("$this->savePath/sess_*") as $file) {
 if (filemtime($file) + $this->lifetime < time() && file_exists($file)) { // Use our own lifetime
 unlink($file);
 }
 }

return true;
 }
 }

$handler = new FileSessionHandler();
 session_set_save_handler(
 array($handler, 'open'),
 array($handler, 'close'),
 array($handler, 'read'),
 array($handler, 'write'),
 array($handler, 'destroy'),
 array($handler, 'gc')
 );

// the following prevents unexpected effects when using objects as save handlers
 register_shutdown_function('session_write_close');

session_set_cookie_params(3600); // Set session cookie duration to 1 hour
 session_start();
 // proceed to set and retrieve values by key from $_SESSION