Session destroy when closing browser

**Jerry Stuckle** · Jun 2 '08, 10:33 AM

Re: Session destroy when closing browser

T. Wintershoven wrote:

Hi all,
>
After a visitor has loged in, a session is started.
The session is destroyed after the visitor clicked "Log out'.
>
When the visitor forgets to log out and closes the browser immediately, the
session stil exists because when the visitor opens the browser again and
comes back to the site he/she is still loged in.
Ofcourse i don't want that.
I want the session to be destroyed when the visitor closes the browser
immediately.
>
Is there a way to destroy a session when the user closes the browser and
forgets to log out.
>
If instead of php, javascript is necessary, please tell me also.
>
T.i.a.
>
Best regards,
Tino Wintershoven.
The Netherlands
>
>
>

In your php.ini file, set the value:

session.cookie_ lifetime=0

Or, before EVERY session_start() call, use:

session_set_coo kie_params(0);

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**=?ISO-8859-1?Q?=22=C1lvaro_G=2E_Vicario=22?=** · Jun 2 '08, 10:33 AM

Re: Session destroy when closing browser

Jerry Stuckle escribió:

>Is there a way to destroy a session when the user closes the browser
>and forgets to log out.

[...]

In your php.ini file, set the value:
>
session.cookie_ lifetime=0
>
Or, before EVERY session_start() call, use:
>
session_set_coo kie_params(0);

Apart from this, note that session data still exists on server; it will
be deleted eventually, when next "garbage" collection happens. In
general, the server has no way to know that you've closed the browser.
Usually, that's not an issue*, just be aware of it.

(*) It's an issue when you're paranoid about hackers using someone
else's session ID

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--

**Jerry Stuckle** · Jun 2 '08, 10:33 AM

Re: Session destroy when closing browser

Álvaro G. Vicario wrote:

Jerry Stuckle escribió:

>>Is there a way to destroy a session when the user closes the browser
>>and forgets to log out.

[...]

>In your php.ini file, set the value:
>>
>session.cookie _lifetime=0
>>
>Or, before EVERY session_start() call, use:
>>
>session_set_co okie_params(0);

>
Apart from this, note that session data still exists on server; it will
be deleted eventually, when next "garbage" collection happens. In
general, the server has no way to know that you've closed the browser.
Usually, that's not an issue*, just be aware of it.
>
>
(*) It's an issue when you're paranoid about hackers using someone
else's session ID
>
>

If you're that paranoid about hackers, you should be using https protocol.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Session destroy when closing browser

Session destroy when closing browser

Comment

Comment

Comment