I'm making a webapp and using session to keep loged in user data. i I set 2 variables $_SESSION["loged_in"] and $_SESSION["user_id"] to know whether the user is connected or not. but when the session reach it's timeout, the variables still exists which distort my logic. how can i solve that ?
Are you sure that session has reached it's timeout?
Based on your question, if the session is still exist I think the session has not reached it's timeout. session have a lifetime. session lifetime can you see in a file that name php.ini
In that file you can found how long session lifetime in the value of var session.gc_maxlifetime. You can set/change session lifetime by following the steps in the following link How to change the session timeout in PHP?
====== UPDATE ======
based on your comment, may be you haven't create code to logout the user if they try to load a page when they've been inactive for too long
you must "create code to check session time and create code to logout" in every .php file you have.
if( $_SESSION['last_activity'] < time()-$_SESSION['expire_time'] ) {
header('Location: http://yoursite.com/logout.php');
}
else{
$_SESSION['last_activity'] = time(); //this was the moment of last activity.
}