I'm writing a log in page using php sessions. The thing is that, after log in, if i exit the page without sign out, i can just enter the page withou log in, the next time. I used a session variable containing the user name and i had it checked across every page if the session is there. I found out that the reason why I can go about without log in is because the session hasn't been unset. Can any one tell me what to do? I want a simple solution where the browser automatically logs out when tab is closed or not allow the user to exit without signout??
Asked
Active
Viewed 48 times
0
-
Implement a timeout on the session. – Barmar Jun 19 '14 at 05:46
-
Duplicate: http://stackoverflow.com/questions/2201750/php-destroy-session-on-close-of-main-window – Ali Seyfollahi Jun 19 '14 at 05:46
-
See also http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes/1270960#1270960 – Barmar Jun 19 '14 at 05:48
-
You know what would be great? If you showed the associated code.. – Darren Jun 19 '14 at 05:54
1 Answers
1
Browsers only destroy session cookies when the entire browser process is exited. There is no reliable method to determine if/when a user has closed a tab. There is an onbeforeunload handler you can attach to, and hopefully manage to make an ajax call to the server to say the tab's closing, but it's not reliable.
And what if the user has two or more tables open on your site? If they close one tab, the other one would effectively be logged out, even though the user fully intended to keep on using your site.
Also refer:
