diff --git a/Admin.php b/Admin.php
index f2cbee2..5bd4081 100644
--- a/Admin.php
+++ b/Admin.php
@@ -1,5 +1,6 @@
 <?php
 include 'NoDirectPhpAcess.php';
+include 'IsValidSession.php';
 ?>
 
 <?php
diff --git a/Course.php b/Course.php
index a4b7976..bb340b2 100644
--- a/Course.php
+++ b/Course.php
@@ -1,5 +1,6 @@
 <?php
 include 'NoDirectPhpAcess.php';
+include 'IsValidSession.php';
 ?>
 
 <?php
diff --git a/Courses.php b/Courses.php
index 29b4eee..a40f3d8 100644
--- a/Courses.php
+++ b/Courses.php
@@ -1,5 +1,6 @@
 <?php
 include 'NoDirectPhpAcess.php';
+include 'IsValidSession.php';
 ?>
 
 <?php
diff --git a/Header.php b/Header.php
index a302d24..f8a922d 100644
--- a/Header.php
+++ b/Header.php
@@ -1,5 +1,4 @@
 <?php
-session_start();
 error_reporting(0);
 date_default_timezone_set('Asia/Shanghai');
 
diff --git a/IsValidSession.php b/IsValidSession.php
new file mode 100644
index 0000000..1d164b5
--- /dev/null
+++ b/IsValidSession.php
@@ -0,0 +1,10 @@
+<?php
+    $currentTime = time();
+    if (session_status() == PHP_SESSION_NONE) {
+        session_start();
+     }
+
+    if($_SESSION['expire'] != null && $currentTime > $_SESSION['expire']) {
+        include 'logout.php';
+    }
+?> 
diff --git a/Script.php b/Script.php
index 68c3b3c..af3b588 100644
--- a/Script.php
+++ b/Script.php
@@ -75,6 +75,11 @@ if (!empty($_POST["form_signup"])) {
     $_SESSION['user_email'] = $email;
     $_SESSION['user_student_id'] = $student_id;
 
+    // set session duration
+    $_SESSION['start'] = time();
+    $session_duration = 120;
+    $_SESSION['expire'] = $_SESSION['start'] + ($session_duration * 60);
+
     // check confirmed password
     if (strcasecmp($password, $confirmpassword) != 0) {
         $_SESSION['info_signup'] = "Password confirmation failed.";
@@ -162,6 +167,11 @@ if (!empty($_POST["frm_login"])) {
                 $_SESSION['user_type'] = $row['UserType'];
                 $_SESSION['user_fullname'] = $row['Full_Name'];
 
+                // set session duration
+                $_SESSION['start'] = time();
+                $session_duration = 120;
+                $_SESSION['expire'] = $_SESSION['start'] + ($session_duration * 60);
+
                 if ($_SESSION['user_type'] == "Student") {
                     header("Location: Courses.php");
                 }