How to set custom SESSION timeout? - Formit -> Cookie -> Secure Landing page

I had the need to make a page accessible only after a user fill in a form.

Following Bob Rays’s instructions (god bless him) on this thread of the old forum I’ve created a series of snippets that do exactly what i want.

This fires as a formit hook just before the redirect to a “secure” page which is set in a TV [[*landing-page]]

$_SESSION['register_code'] = 'somerandomcode';
return true;

This also fires in the same page with the form and checks if the session cookie is already registered and eventually redirects to the secure page. This is to avoid to have to fill in the form every time.

$code = $modx->getOption('register_code', $_SESSION, '', true);

if ($code == 'somerandomcode') {
	// retrieve TV value for authorized page
	$tv = $modx->resource->getTVValue('landing-page');
	// redirect to page
	$modx->sendRedirect($modx->makeUrl($tv, '', '', 'full'));

This fires on the secure page, checks for the cookie and if it’s not found redirects back to the form page

$code = $modx->getOption('register_code', $_SESSION, '', true);

if ($code !== 'somerandomcode') {
	// retrieve TV value for unauthorized page
	$tv = $modx->resource->getTVValue('form-page');
	// redirect to form page
	$modx->sendRedirect($modx->makeUrl($tv, '', '', 'full'));

The solution works as expected but it looks like the SESSION cookie has a duration of 1 week.


I’ve tried looking online but my understanding of PHP is quite limited.
Is there a way i can limit the duration of the cookie for this specific function to something like 30min or 1hour? Or register a different SESSION cookie than the default PHPSESSID one?
This is not a urgent issue but i’m always eager to learn new things :stuck_out_tongue:

Hi there, check this out, it could give you some clues on how to proceed, about changing the session name, you totally can, here is a post explaining it

Maybe you can just save a timestamp in the $_SESSION instead of a random code.

Setting the value:

$_SESSION['register_code'] = time();

Reading the value:

if (isset($_SESSION['register_code']) && $_SESSION['register_code'] >= time() - 1800){
	// "authorized"