You could simply validate the user with session_start(); $tbaged = false; if (isset($_SESSION['user_id'])) { $user = new User($_SESSION['user_id']); $tbaged = true; else { $login = $_REQUEST['screename']; $password = $_REQUEST['pword']; $login = clean($login); $password = clean($pword); $user = checkLogin($login,$pword); if (!is_null($user)) { $tbaged = true; } } if (!$tbaged) { session_destroy(); die("You are not logged in."); } -----Original Message----- From: Tomas Telensky [mailto:tomas@xxxxxxxxx] Sent: Monday, November 12, 2007 12:20 PM To: php-general@xxxxxxxxxxxxx Subject: Trigger an action on session timeout - feature request? Hi, Is there any possibility to trigger an action when the session is inactive for some time? I need to log users' login and logout, and so I need to know about logouts caused by timeout. Neither there seems to be a possibility of a workaround like walking through all my sessions for timeouted ones and destroy them myself. I have searched through the PHP doc and didn't found anything. So probably this is a feature request. Where should I post it? PHP's bug reporting system, unlike many common bug reporting systems, doesn't seem to distinguish between bugs and feature requests. I think this concept of being possible to define something like custom "session destructor" is obvious and useful enough to be worth implementing to PHP. Thanks for help, Tomas -- "No Software Patents!" -- Allowing patents over software ideas will seriously affect the Creativity, Productivity and Freedom of all. Link: http://www.nosoftwarepatents.com/ -- Defend your freedom by signing a petition. Link: http://petition.eurolinux.org/index_html?LANG=en -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php