Well...this is not Laravel specific question IMO.

You need to log when a session started and you also need to define how long that session can live and decide to destroy or not to destroy.

Checkout http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

Thanks for the link. As Laravel has its own code for sessions, will the $_SESSION variable contain relevant information?

http://laravel.com/docs/session#session-usage

You can call flush() to remove all the data on a session or call regenerate() to regenerate the session id.

I was aware of that, but I'm not sure what regenerate() does. However, there doesn't seem to be a method to obtain the last activity time like using $_SESSION['LAST_ACTIVITY']. How can a timeout be established without that?

Sorry for the delay in response.

You need to set the value of 'LAST_ACTIVITY" on your own. You probably want to set the value in a filter.

App::before(function ($request) { Session::put('LAST_ACTIVITY', time()); });

something like this.

Thanks for that information. Is their a suitable filter in which to place the code for checking for the expiry, from which a redirection can be made to a "session expired" view?

No problem.

I can't give you an answer since I don't know about your code, but I think you can use the same filter for the verification.

From the stack overflow I linked above,

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

This can be converted into (not tested)

if (Session::get('LAST_ACTIVITY') && (time() - Session::get('LAST_ACTIVITY') > 1800 )) {
	Session:flush();
}

Session::set('LAST_ACTIVITY', time());	

I couldn't get this to work, then ran out of time, so apologies for not thanking you sooner. I had another go at it today and realised what the problem was: Session::flush() does not delete session data that the app creates, such as the shopping cart details. My solution was to do it like this:

App::before(function($request)
{
	// Expire the session after the given number of seconds of inactivity
	if (Session::get('LAST_ACTIVITY')
		&& (time() - Session::get('LAST_ACTIVITY')) > 1000)
	{
		// Delete session data created by this app:
		OrderController::clear_session();
	}
	Session::put('LAST_ACTIVITY', time());
});

Then, add the following code to the appropriate get handlers in the controller:

if (Session::get('SessionID') == null) {
	return Redirect::to('expired');
}

where "SessionID" is initialised using "Session::set('SessionID', uniqid('S'))", when the shopping cart is created.

You don't have to create your own "LAST_ACTIVITY" key: you can use the Symfony meta-data available in Laravel's session:

$bag = Session::getMetadataBag();
$max = Config::get('session.lifetime') * 60;
if ($bag && $max < (time() - $bag->getLastUsed())) {
    Event::fire('idle.too-long');
}

Firing an event lets you decouple the idle detection logic from the idle reaction logic.