Destroy session when the User leaves the site

**pbmods** · Sep 3 '07, 04:49 PM

Heya, Steve. Welcome to TSDN!

Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).

Because of the stateless nature of the web, you can't really know when the User is looking at your site, or even when he leaves. Sure, JavaScript has an unload event, but what if the User has JavaScript turned off? And how would you be able to tell the difference between unloading the page in preparation for loading a different site and unloading the page before loading a different page on your site?

Perhaps a better solution would be to implement a timeout on your sessions, so that if the User doesn't send any requests to the server for awhile, his session will be invalidated.

**Steve D** · Sep 4 '07, 08:01 AM

Thanks for your help. I have already implemented a time out on the session, but was hoping there might be a way of explicitly destroying the session by perhaps capturing the URL in the address bar before the page unloads and comparing the domain name with that of my own site then firing some code to destroy the session if different. I know that still leaves the problem the users ability to disable javascript, but it would be interesting to know if it could be done?

Thanks again for your help

Originally posted by pbmods

Heya, Steve. Welcome to TSDN!

Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).

Because of the stateless nature of the web, you can't really know when the User is looking at your site, or even when he leaves. Sure, JavaScript has an unload event, but what if the User has JavaScript turned off? And how would you be able to tell the difference between unloading the page in preparation for loading a different site and unloading the page before loading a different page on your site?

Perhaps a better solution would be to implement a timeout on your sessions, so that if the User doesn't send any requests to the server for awhile, his session will be invalidated.

**pbmods** · Sep 4 '07, 02:24 PM

Heya, Steve.

It is possible, if a tad unreliable.

The best way to do this would be to open a new window onunload that sends the request to the server to handle this.

Pop-up blockers would wreck havoc, but so it goes.

**greywolf001au** · Sep 10 '08, 07:02 AM

i have been attempting to use this to do what you are asking, it appears to work, only i am getting the url reset to the function whenever i login to my site. will explain in more detail after code.

JavaScript:

Code:

function killSession() {
	location = 'mypage.php?destroySession=true';
}

PHP:

Code:

if (isset($_GET['destroySession']) && $_GET['destroySession'] == "true") {
	session_destroy();
	$closeWin = "window.close()";
} else {
	$closeWin = "";
}

HTML:

Code:

<body onload="<?php echo $closeWin; ?>"  onunload="killSession();">

Ok, my site uses post and session variables to perform most function, i have a custom login box etc, when I log in the $_GET variable is set in the url. the window does not close but the function has not been called again so should not be there. I have tried various ways to change this including changing to false which didn't make it change. Otherwise it does destroy the session when the window is closed. Probably too well in other areas, I have a hidden div containing the log in box using javascript to show in certain php events. when I have the echo function in the body onload event as shown above, variables are not being set when i revisit the page, and therefore the log in box wont display. If I remove the echo it works except for the url problem. To sum up i need a way to reset the url. php's unset() function didn't work either.

**bnashenas1984** · Sep 10 '08, 03:10 PM

Hi everyone
I really don't think it could be possible to make sure a server side function is called when ever user closes the browser.
Even if we use a popup window or a java function , What happens if the user disconnects the internet connection before closing the browser or like you said what if the user has javascript turned off or a popup blocker.
I think the best way for your issue is to try to find a way to make that session 100% useless to others.

It can be done by many different ways. Like checking the ip . I'm sure you can think of many better ways

what I did in my website was that I reduced the session life time to 2 minutes and then I put a hidden IFRAME which got refreshed every 30 seconds.
Of course refreshing an IFRAME makes a click sound in IE but you can prevent that with a javascript

Good luck

Destroy session when the User leaves the site

Destroy session when the User leaves the site

Comment

Comment

Comment

Comment

Comment