Session Timer PHP With Detailed Explanation

In PHP, session timer are responsible for the user activity on the web which checks if the user is still active or not.

In addition, once the user is not active or sometimes the user may forget to (logout) from the web page.

There are some instances that some users can view your page or personal account which can lead to a security breach.

Session Timer PHP With Detailed Explanation
Session Timer PHP With Detailed Explanation

What is Session Timer in PHP?

In PHP, session timer is almost used by developers to set and limit the user inactivity on the web.

For instance, the session timeout will limit to only in just 60 seconds and if the user is inactive at the given time, the session of the user will be expired and they need to log in again to access the (web page).

The session timer will destroy all the activities done on the webpage once the browser is closed or once the user is not active for a long period of time.

To start the session in PHP you need to use the session_start() function.



Once the session is already started the session variables is needed to be created for future use of the entire session.


We need to create a session and declare a variable name ‘sessionOne‘ and assign it with a value of ‘26‘.


Assigning a variable and a value into a session variable can simply be done as follows.


To destroy the entire session and session variables of the entire web page, we need to initialize it before destroying the session.

The following command is used to destroy certain sessions of the web page.


The following command is used to completely destroy the session of the web page.


Let us consider that there is a log-in page with a Login button in an HTML form.

Once the user clicks the button the PHP session starts automatically and the session variables are been set.

Furthermore, the session variable was stored the time and the login has been initialized.

Once the login has become successful they are automatically redirected to the homepage.


// Session starts
$userName = $_POST["username"];

if(isset($_POST["Login"])) {

	// Session Variables are created
	$_SESSION["user"] = $userName;

	// Login time is stored in a session variable
	$_SESSION["login_time_stamp"] = time();

Once you’re on the home page, you have to maintain the session and call the session_start() function that allows you to enable and retrieve session variables from the page.

In addition, with the use of time() function the (current time) will automatically calculate.




// To check if session is started.
	if(time()-$_SESSION["login_time_stamp"] > 700)

Where is session timeout set?

A timeout session can be set in a (web.config) file into an application with the use of timeout attribute of the configuration element named sessionstate.

But most of the time you can set the timeout property directly using a PHP code.

For example:


//Set the session timeout for 60 seconds

$systimeout = 60;

//Set the maxlifetime of the session

ini_set( "session.gc_maxlifetime", $systimeout );

//Set the cookie lifetime of the session

ini_set( "session.cookie_lifetime", $systimeout );

//Start a new session


//Set the default session name

$s_name = session_name();

//Check the session exists or not

if(isset( $_COOKIE[ $s_name ] )) {

    setcookie( $s_name, $_COOKIE[ $s_name ], time() + $systimeout, '/' );

    echo "Session is created for $s_name.<br/>";



    echo "Session is expired.<br/>";


What is PHP default session timeout?

The default session timeout is (1440 or 24 minutes), we can also edit based on the time we liked, it only varies on the values we put on the session code.

But almost of the web administrators and developers they almost set it in just only 24 minutes.

Can we set time for session in PHP?

The session timeout in PHP can easily be set or customized in order to make the page inactive after a fixed time session.

In addition, the session_start() is the starting point of the session which is used by millions of webpage around the internet.

How remove session expired in PHP?

To remove an expired session you will just need to use the session_unset() and session_destroy() functions in order to fully set the session timeout to a new session array.

Furthermore, with the use of the session_unset() function, we can easily unset the variable $_SESSION at the run time.

While the session_destroy() function with the use of this we can easily destroy the session start time from the entire storage.

Where are PHP sessions stored?

The sessions are stored on the server (/tmp directory).

By default, all the session data is followed by an alphanumeric string, which is unique or they call it the (session identifier).


This article discusses Session Timer.

It also tackles what is Session Timer, where is session timeout is set, what is PHP default session timeout, whether can we set the time for session, how to remove session expired, and where are PHP sessions stored.

I hope this lesson has helped you learn a lot. Check out my previous and latest articles for more life-changing tutorials which could help you a lot.

Leave a Comment