Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello people,
trying to figure out if there is a way to distinguish between an user whose session expired and one that never authenticated himself in the first place.
I am building a back office application and in both cases there would be a redirect to the login form page if you try to access a protected area, but i would like to print out a different message based on the reason of the redirection ("session expired" or "you need to log-in first).
Thanks for your help
The only thing I can think of is a cookie that has a certain lifetime. If the cookie is less than 2 hours old then there's a good chance they were timed out. If there is no cookie or it is older than 2 hours then they are probably logging in for the first time for a while.
Not exact, but possible.
Please or to participate in this conversation.