Is it possible to do a secure area without any use of session stuff?
What i fear about sessions is that it makes use of cookies which is not ideal if i am going to access it on a public system.

edit : it does not have to use a BD as it is going to be a single user thing.

To recognise a user you need them to send a token with every request. That token can be a cookie, query string or form data.

I decided to use sessions so how do i make the session expire after some time?
i know that i can set sessions to expire in the php.ini file which i won't have access to.
is there a way to overcome it in the script itself?

is there a way to overcome it in the script itself?ini_set()

session_set_cookie_params (http://www.php.net/manual/en/function.session-set-cookie-params.php) can be used to control the lifetime of the session cookies. It would need to appear on each controlled page before the session_start() command. (This would be another good reason to put all the session/login stuff into a single file which can be require()'d at the start of each page's file.)