There is the $SessionLifeTime variable set in config.php, however it doesn't really work. What this actually does is to "specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up". However when the garbage collector actually gets around to cleaning it up is a different matter, and sometimes the session can live on for many hours.
The way I do it is with the following code in session.php:
PHP Code:
if (isset($_SESSION['LastActivity']) and (time() - $_SESSION['LastActivity']) > $SessionLifeTime) {
if (basename($_SERVER['SCRIPT_NAME']) != 'Logout.php') {
header('Location: Logout.php');
}
} else {
$_SESSION['LastActivity'] = time();
}
which is maintaining a variable in the current session for when the last activity took place, and if it extends beyond $SessionLifeTime then the user is logged out. This accurately ensures user settings are closed when they should be.
Tim