### Session Security Tips
Despite their simplicity, there are still ways in which using sessions can go wrong. Here is a quick overview of some security techniques you can use to ensure you are using sessions safely.
#### Session Time-Outs
Timing out sessions is very important if you are dealing with users logged in to your website or application. If a user logs in to your site in an Internet café and then leaves the computer and café without logging out, how do you stop the next user on that computer from still having access to the previous user’s session? Well, you can use the following code:
~~~
<?php
session_start();
// set time-out period (in seconds)
$inactive = 600;
// check to see if $_SESSION["timeout"] is set
if (isset($_SESSION["timeout"])) {
    // seconds elapsed since the last request in this session
    $sessionTTL = time() - $_SESSION["timeout"];
    if ($sessionTTL > $inactive) {
        session_destroy();
        header("Location: /logout.php");
        // stop here so the rest of the protected page is not executed
        exit;
    }
}
// record the time of this request for the next check
$_SESSION["timeout"] = time();
~~~
The code ensures that if there is no activity for more than 600 seconds (10 minutes), the session is destroyed and the request is redirected to the logout page, which logs the user out.
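An added example (not from the original article) that goes beyond the snippet above: alongside the idle check it enforces an absolute session lifetime, and on expiry it clears `$_SESSION` and the session cookie, which `session_destroy()` on its own leaves in place. The 8-hour `ABSOLUTE_LIMIT`, the `created` key and the function names are assumptions made for this example.

```php
<?php
const IDLE_LIMIT     = 600;    // seconds of inactivity allowed (the value used above)
const ABSOLUTE_LIMIT = 28800;  // assumed cap on total session age (8 hours)

// Pure check: returns why the session has expired, or null if it is still valid.
function session_expiry_reason(array $session, int $now): ?string
{
    if (isset($session['created']) && $now - $session['created'] > ABSOLUTE_LIMIT) {
        return 'absolute';
    }
    if (isset($session['timeout']) && $now - $session['timeout'] > IDLE_LIMIT) {
        return 'idle';
    }
    return null;
}

// Full teardown: empty the data, expire the cookie, then destroy the server-side record.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every protected page, before any output is sent.
function enforce_session_timeout(): void
{
    session_start();
    $now = time();
    if (session_expiry_reason($_SESSION, $now) !== null) {
        end_session();
        header('Location: /logout.php');
        exit; // never fall through to the protected page
    }
    $_SESSION['created'] ??= $now;  // set once, when the session is first seen
    $_SESSION['timeout'] = $now;    // refreshed on every request
}

// Command-line check of the expiry logic using a constructed sample session.
if (PHP_SAPI === 'cli') {
    $sample = ['created' => 1000, 'timeout' => 1000];
    foreach ([1500, 1601, 30000] as $now) {
        echo $now, ': ', session_expiry_reason($sample, $now) ?? 'valid', PHP_EOL;
    }
}
```

The `??=` operator requires PHP 7.4 or later.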
* * * * *
https://www.sitepoint.com/php-sessions/