I have a dedicated server host running apache which i have access to the configuration files. I protected a web directory on the site which requires the user to enter a password but how can i make this session expire? I seemed to have logged in 3 days ago on the site and can still login now with the same cookie that was stored 3 days ago... How can i timeout that user after an amount of inactive time?

Are you using cookies/http or htaccess or other authentication using PHP or CGI or what?

Some basic ideas here (http://www.issociate.de/board/post/277174/htaccess_session_timeout.html). I personally have not experimented with setting cookies but have used straight PHP based forms and htaccess.