$session_timeout)) { // Session has expired session_unset(); session_destroy(); setcookie('username', '', [ 'expires' => time() - 3600, 'path' => $config['folder'], 'domain' => $config['domain'], 'secure' => isset($_SERVER['HTTPS']), 'httponly' => true, 'samesite' => 'Strict' ]); header('Location: ' . $app_root . '?page=login&timeout=1'); exit(); } // Update last activity time $_SESSION['LAST_ACTIVITY'] = time(); // Regenerate session ID periodically (every 30 minutes) if (!isset($_SESSION['CREATED'])) { $_SESSION['CREATED'] = time(); } else if (time() - $_SESSION['CREATED'] > 1800) { // Regenerate session ID and update creation time session_regenerate_id(true); $_SESSION['CREATED'] = time(); }