1

Possible Duplicate:
Firefox session cookies

I'm creating a website in which users are allowed to view certain pages only when logged in. To accomplish this, I check to see if $_SESSION['uid'] is set and if it is not, I send the user back to the homepage instead of to the private page. However, after the user closes his browser, $_SESSION['uid'] stays set and so the user is allowed to view the private page without having to log in again. Why is this? Why is the $_SESSION['uid'] variable staying set across browser sessions? The site works properly in Chrome but not FF.

Community
  • 1
  • 1
user532493
  • 337
  • 1
  • 3
  • 11
  • 1
    http://stackoverflow.com/questions/3068744/php-session-timeout – Brad Jun 19 '12 at 20:03
  • 1
    It is a known 'bug' in Firefox (they call if a configurable feature, I disagree), it keeps cookies with lifetime 0. You can only hope the session is at some point deleted by the garbage collector. See also:http://stackoverflow.com/a/1083020/358679 – Wrikken Jun 19 '12 at 20:03
  • FWIW, Chrome also has this horrible misfeature starting with version 18 or so... – Michael Berkowski Jun 20 '12 at 13:42

1 Answers1

0

You can try to change the PHP settings to force the expire times:

ini_set('session.cookie_lifetime', 0);
ini_set("session.cache_expire", 0);

This could also work (automatically expires the cookie when you close the browser):

ini_set('session.use_only_cookies', 0);