這取決於你的網站的邏輯。如果你想嘗試使用這個。
<?php
session_start(); $t=time(); $diff=0; $new=false;
if (isset($_SESSION['time'])){
$t0=$_SESSION['time']; $diff=($t-$t0); // inactivity period
} else {
$new=true;
}
if ($new || ($diff > 10)) { // new or with inactivity period too long
//session_unset(); // Deprecated
$_SESSION=array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) { // PHP using cookies to handle session
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 3600*24, $params["path"],
$params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy(); // destroy session
// redirect client to login page
header('HTTP/1.1 307 temporary redirect');
header('Location: login.php?msg=SessionTimeOut');
exit; // IMPORTANT to avoid further output from the script
} else {
$_SESSION['time']=time(); /* update time */
echo '<html><body>Tempo ultimo accesso aggiornato: ' .$_SESSION['time'].'</body></html>';
}
?>
但我建議使用session_regenerate_id()
代替session_destroy()