10

Recently I have developed a web application with codeigniter. I am facing a session related problem there badly.

Problem scenario:

If user A logged into the application then the user id set in session. After doing task user A closed his browser and leave the computer. A little while later user B came and open browser and see the application was in logged in state. or when user B write down the url and press enter it directly redirected into the application without any authentication by using the previous session.

I used the following configuration for session:

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 1800;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

Now my question is how can i destroy all the session with closing browser or browser tab in codeigniter?

Ariful Islam
  • 7,639
  • 7
  • 36
  • 54
  • 1
    Try setting `$config['sess_expire_on_close'] = TRUE;`. [`Sessions`](http://codeigniter.com/user_guide/libraries/sessions.html) - Whether to cause the session to expire automatically when the browser window is closed. – air4x Nov 01 '12 at 09:37
  • 1
    it doesn't work. Is there any other solution? – Ariful Islam Nov 01 '12 at 09:40
  • Are you storing the sessions in a DB? – ajtrichards Nov 01 '12 at 09:46
  • @AlexRichards no i am not storing the sessions in a DB. – Ariful Islam Nov 01 '12 at 09:48
  • **For future visitors**: First, I tried `$config['sess_expiration'] = 0;` and it didn't work. Then I tried `$config['sess_expire_on_close'] = TRUE;` and it worked, but this is said to be a [legacy setting](https://www.codeigniter.com/user_guide/libraries/sessions.html#session-preferences). So I couldn't really rely on it. Tried the first one again. This time I restarted the Apache, and it worked. – akinuri Aug 29 '19 at 16:34

10 Answers10

8

Edit the config.php file and set sess_expire_on_close to true.

e.g 

$config['sess_expire_on_close'] = TRUE;
Matthias
  • 3,582
  • 2
  • 30
  • 41
mohsin139
  • 967
  • 7
  • 6
6

You can use javascript and asynchron request. When you close the window, the handler of window.onunload is called 

var unloadHandler = function(e){
        //here ajax request to close session
  };
window.unload = unloadHandler;

To solve the problem of redirection, php side you can use a counter

  class someController  extends Controller {

   public function methodWithRedirection(){

        $this->session->set_userdata('isRedirection', 1);
        //here you can redirect  
   }
}
class homeController extends Controller{
   public function closeConnection(){
        $this->load->library('session');
        if($this->session->userdata('isRedirection')!== 1){
            //destroy session
         }
      }
   }
Ariful Islam
  • 7,639
  • 7
  • 36
  • 54
artragis
  • 3,677
  • 1
  • 18
  • 30
3

Add a logout button.

Have that button destroy the session with CI's built in destroy function.

$this->session->sess_destroy();
colonelclick
  • 2,165
  • 2
  • 24
  • 33
  • this is the most sane approach. yet the framework kids want everything done automatically. that's why frameworks should not be used by newbies. – Sharky Sep 19 '14 at 06:58
2

Have a look at this, and see if this helps.

https://github.com/EllisLab/CodeIgniter/wiki/PK-Session

viperfx
  • 327
  • 5
  • 17
2

Well, I don't know if you already had the solution, but I found myself in the same scenario in CodeIgniter version 3.0. In config.php, go to Session Variables section and you can set:

$config['sess_expiration'] = 0;

sess_expiration: The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0

akinuri
  • 10,690
  • 10
  • 65
  • 102
José Miguel
  • 29
  • 1
  • I get that, but what if you want your session to expire on different scenarios? For example, expire the session in one hour or when the browser closes. How do you handle that? – CodeGodie Mar 18 '16 at 18:25
  • The first time I used this, it didn't work. I had to restart Apache, and then it worked. – akinuri Aug 29 '19 at 16:36
1

in $config.php file 

change  $config['sess_expiration'] = 7200;

to 

$config['sess_expiration'] = 0;
Sandeep Sherpur
  • 2,418
  • 25
  • 27
1

Simply set sess_expiration =0 in application/config/config.php file as stated in Codeigniter documentation

Venkatachalam
  • 16,288
  • 9
  • 49
  • 77
Vipin Choubey
  • 345
  • 2
  • 11
0

Open the general config file application/config/config.php, search for $config[‘sess_expiration’]

change 

$config['sess_expiration'] = 7200;

to

$config['sess_expiration'] = -1;
bungdito
  • 3,556
  • 4
  • 31
  • 38
0

for CI-3.0.4 locate the items below inside "config.php" and set accordingly

$config['sess_expiration'] = -1;
$config['sess_time_to_update'] = -1;
jeffsque
  • 1
  • 2
0

I use this way. Can this help you?

Change

$config['sess_expiration'] = 7200;

The result of above code is :

enter image description here

To

$config['sess_expiration'] = time() + 7200;

And the result of changed line is :

enter image description here

Now, if you close the browser window, the session will be deleted automatically.

POPI
  • 745
  • 6
  • 10