=$_SESSION['expires_on']) { logout(); } $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT; // User accessed a page : Update his/her session expiration date. } function logout() // Force logout, redirect to login page. { unset($_SESSION['uid'],$_SESSION['ip'],$_SESSION['expires_on']); // Delete server-side session info header('Location: login.php'); exit(); // We do not bother deleting the phpsessionID cookie, because it can't be used anyway (All server-side // data attached to this session cookie is deleted. This makes the cookie useless. ) } ?>