i have a comments system with an option for a user to 'report' a comment.
When clicking report the comment is simply added into a DB table.
To stop any spamming, i set a session on success.
This was aimed to only allow the user to report a comment every 24 mins.
My question is, should a session expire by itself without the need to close the browser?
Currently the session always exists unless the browser is closed.
I have checked phpinfo() and the lifetime is set to the normal 1440.
Or do i have to perhaps set the value of a session to the current time, and then check the value of the session against the current time when reporting a comment?
Thanks!
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
this will just clear the session