You can set an expiration time for the session data, test it with each session_start
call and destroy the session if it’s expired:
session_start();
if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) {
session_destroy();
$_SESSION = array();
}
$_SESSION['EXPIRES'] = time() + 3600;