Restart User Session, reset session timeout

Hey,

I want to refresh the session timeout every time a logged-in user calls the user frontend.
For that I added the s::restart(); line at the top of every frontend page.

My problem is that the session is not restarting, meaning the $_SESSION stays the same and the user is logged out after the timeout.

The goal is having an on-site JavaScript timer that displays the time to session expiration and resets every time the user clicks a link and calls the server. The use case is having a more secure session management that logs out the user after 8 minutes of inactivity, similar to the session managing that many online banking platforms are using.

How can this be achieved?

Thank you, Anton

I think you’ll find a basic solution to your problem is already implemented into Kirby by default.

Kirby keeps a session token called “kirby_session_activity” that holds a timestamp, updated on each request.

["kirby_session_activity"]=> int(1520591607)

Inside the Kirby toolkit you can find this code, handling session timeouts:

  public static function check() {

    // check for the last activity and compare it with the session timeout
    if(isset($_SESSION['kirby_session_activity']) && time() - $_SESSION['kirby_session_activity'] > static::$timeout * 60) {
      return false;
    }

    $_SESSION['kirby_session_activity'] = time();

    return true;
  }

And

    if(!static::check()) {
      return static::destroy();
    }

As you can see this is basically what you are trying to implement. A timestamp that updates on each request, and a session destroy when the user’s timeout has expired. Maybe you could use XMLHttpRequests to fetch $_SESSION["kirby_session_activity"], parse the timestamp into a countdown and display that on your website?

2 Likes
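A sketch of the countdown suggested above, added here as an example; it is not code from the thread or from Kirby. The check() shown above writes a fresh time() on every request that passes it, so an XHR that polls the timestamp through the same session would itself count as activity; this version instead assumes the page template renders the activity timestamp and the server's current time once, and counts down locally. The function names, the #session-timer element and its data attributes are hypothetical, and the 8-minute value is taken from the question.

```javascript
// Added example: countdown for the idle timeout discussed above.
// All names here are hypothetical; none of this is Kirby API.
const TIMEOUT_MINUTES = 8; // assumption: the 8-minute limit from the question

// lastActivity, serverNow: Unix seconds the server renders into the page
// (the activity timestamp and the server's time() for the same request).
// clientNowMs: Date.now() captured when the page loads.
function createCountdown(lastActivity, serverNow, clientNowMs, timeoutMinutes = TIMEOUT_MINUTES) {
  for (const v of [lastActivity, serverNow, clientNowMs, timeoutMinutes]) {
    if (!Number.isFinite(v)) throw new TypeError('countdown inputs must be finite numbers');
  }
  // Client clock minus server clock; lets the deadline be tracked locally
  // even when the visitor's clock is wrong.
  const skewMs = clientNowMs - serverNow * 1000;
  const expiresAtServerMs = (lastActivity + timeoutMinutes * 60) * 1000;
  return { expiresAtClientMs: expiresAtServerMs + skewMs };
}

// Whole seconds left before the server-side check would fail; never negative.
function remainingSeconds(countdown, nowMs) {
  return Math.max(0, Math.ceil((countdown.expiresAtClientMs - nowMs) / 1000));
}

function formatRemaining(seconds) {
  const mm = String(Math.floor(seconds / 60)).padStart(2, '0');
  const ss = String(seconds % 60).padStart(2, '0');
  return `${mm}:${ss}`;
}

// Browser wiring (skipped outside a browser). Assumes the page template
// rendered <span id="session-timer" data-activity="..." data-now="...">.
if (typeof document !== 'undefined') {
  const el = document.getElementById('session-timer');
  if (el) {
    const cd = createCountdown(Number(el.dataset.activity), Number(el.dataset.now), Date.now());
    const tick = () => {
      const left = remainingSeconds(cd, Date.now());
      el.textContent = formatRemaining(left);
      if (left === 0) clearInterval(timer); // display only; the server enforces the logout
    };
    const timer = setInterval(tick, 1000);
    tick();
  }
}
```
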

Thanks for the input dreadnip,

so as I understand it now, the cookie lifetime is not resettable, but the session timeout resets on every server call.

I tested this and it turns out to work well.

Cheers!

1 Like