Home/ Questions/Q 6987493
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T18:56:41+00:00

I am building a online ticket booking site . In this I am doing

  • 0

I am building a online ticket booking site . In this I am doing the following things : The user searches the bus with their seat numbers . The database is updated with the seat numbers with temp_seat_book = 'Y' . If he books the ticket paying money his status will be updated to final_ticket_book = 'Y' . Now I want to delete the field whose temp_seat_book = 'Y' but
final_ticket_book = 'N' . For this I need to delete the session_ids which is more than 10minutes old and final_ticket_book = 'N'. So how I can implement the background job?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Instead of doing a search for files (which involves more i/o ) etc,
    What is a session cookie: Session Cookie
    A better way is to store a time stamp of the ‘most recent activity’ in the $_SESSION variable.
    And updating the session data on every request (including the automated periodic ajax calls if any).

    Lets say you want to unset the session after 10 minutes,

    if (isset($_SESSION['most_recent_activity']) && 
    (time() -   $_SESSION['most_recent_activity'] > 600)) {

 //600 seconds = 10 minutes
 session_destroy();   
 session_unset();  

 }
 $_SESSION['most_recent_activity'] = time(); // the start of the session.

    To avoid attacks like Session fixation: (Session Fixation is an attack that permits an attacker to hijack a valid user session) keep regenerating the session id periodically say for 5 mins (I would suggest to keep the regeneration time as well as session expire time a bit more). A more elaborate list of attacks: attack list.

    if (!isset($_SESSION['CREATED'])) {
    $_SESSION['CREATED'] = time();
    } 
else if (time() - $_SESSION['CREATED'] > 600) {
    session_regenerate_id(true);    
    $_SESSION['CREATED'] = time();  
    }

    Also, make sure session.gc-maxlifetime is set to the maximum expire time you want to use.
    You can do this 

    ini_set('session.gc-maxlifetime', 600)

    Or
    Set it directly in your php.ini.

    and also

    session.cookie_lifetime :

    session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

    But, destroying the session must be taken care at the server-side and not the client-side.
    Setting the session.cookie_lifetime set to 0 would make the session’s cookie behave the way a session cookie should i.e. that a session cookie is only valid until the browser is closed.

    Although this method is a tad tedious, Its more elegant.

    Ah, found the link which I had read a long time ago! : How do I expire a PHP session after 30 minutes?

    • 0