I'm trying to understand when a PHP session will timeout and force the user to log back in again.
When the user first logs in to the site successfully I'm setting a session global like this:
$_SESSION['AcmeAuthenticated'] = TRUE;
On every other page I check at the top of the page for this:
if (!isset($_SESSION['AcmeAuthenticated']) and $_SESSION['AcmeAuthenticated'] !== TRUE) {
header('Location: index.php');
die;
}
I've noticed during development that I can keep my browser open all day and it won't ask me to login again. If I quit the browser then it will prompt me to login again. I checked the PHP info and session.gc_maxlifetime is set to 900 - I took that to mean that the PHP session would end in 15 minutes?
I'm new to PHP so still trying to learn how sessions work and when the timeout comes into effect.