1

I am confused regarding Session in PHP. My question is when a user closes directly red cross button without logging out whether the session is destroyed or not. If he again opens that page whether he would be asked to login or he would be directed inside the application?

I have googled around, some are saying it will be directed to login and same are saying it will be directed inside the application.

Alexis Pigeon
  • 7,423
  • 11
  • 39
  • 44
Sudhir
  • 111
  • 5

2 Answers2

3

The default session cookie is set to expire when the browser window is closed. The corresponding session on the server will still exist for a while until it is garbage collected. If the user could resurrect/keep the cookie, he could continue to use the session. But again, the browser will discard the cookie when it's closed. You can modify the session cookie settings with an explicit expiration time, which means it will persist until then, giving your user a permanently logged-in status.

Here are all the session and session-cookie related settings you can tweak with ini_set: http://php.net/manual/en/session.configuration.php

deceze
  • 510,633
  • 85
  • 743
  • 889
1

PHP sessions should automatically expire when the browser window closes providing you do not modify the Session Cookies expiration time.

moreover whatever scene you described can be done by Cookie

if you set cookie (persistent) for a limited time period then it will not ask for the login untill that and save your login credentials.

redirecting on the last page can be done by your logic not by browser.

check that session.cookie_lifetime in php.ini if it is 0 means whenever we close the browser. it will destroy the session

more info

Community
  • 1
  • 1
xkeshav
  • 53,360
  • 44
  • 177
  • 245
  • Yes but session are stored on server side in form of session id. so when user directly closes the browser how session would expire.It would remain intact until session time is gone.Please clear my doubt.Also on closing browser window its client event.How server will know that it had been closed.Please clear my doubt. – Sudhir Jun 30 '12 at 06:18
  • sessionid is automatically generated by server so whenevr you open new instance ( after complete browser close) . it will generate new session_id. – xkeshav Jun 30 '12 at 06:21
  • Fully closing a browser and reopening a site will require login again. However, closing a browser tab does not, if you revisit you will still be logged in. – codercake Jun 30 '12 at 06:25
  • "Close the Browser" means to stop running all instances of that browser. Just closing a browser window isn't closing the browser. All session cookies are stored within the browser application itself and so as long as the browser is running they will exist but as soon as you close the browser completely they have nowhere to exist and so will be gone. The session itself may still exist in that case but there is no longer a browser with a copy of that session id to reference it. – xkeshav Jun 30 '12 at 06:28
  • @user1126525 The session ID is stored in a cookie on the clientside. If the browser is closed and this cookie is dropped (default behaviour), when the client reopens the page, a new session ID and cookie will be generated, thus, making the old session cookie unaccessible and redundant. The server will purge these session files regularly. – Whisperity Jun 30 '12 at 06:47