How to tell if a PHP session has timed out

Currently I have been testing variables on $_SESSION, and if isset() returns false then assume the session has timed out to show a login page.

session_start();

if (isset($_POST['login'])):
  // Process login credentials
开发者_StackOverflow  $_SESSION['account'] = Array('user'=>'username');
endif;

if (! isset($_SESSION['account'])):
  // User not logged in, show login page
else:
  // User is logged in, show account page
endif;

However a user has recently reported that the account page was blank. I assume no session data was available because my code above is flawed somehow. Could someone point me in the right direction to correctly test if a session has timed out in PHP?

---

if you could use:

if (! isset($_SESSION['account']) && !empty($_SESSION['account'])):
  // User not logged in, show login page
else:
  // User is logged in, show account page
endif;

so this wont pass for 2 conditions,

1. if session isn't set

2. if session is set, but is blank!

still a case exist of invalid values, for eg, username comes to xyz and you dont have any record matching xyz, then it could be a case of fetched no records and therefore it could be blank too!

so more than just these statements, you should have a further check that if the data in $_POST matched to any of your records in the systems, and only after the match is confirmed, you should set this in to $_SESSION.

And these should cover most of your cases, making escapes lesser!