0

I have some sessions that are saved. I want to destroy all the sessions if the user closes the browser window or a single tab or navigates away from the page. Is there any way I can do this?

zeckdude
  • 15,877
  • 43
  • 139
  • 187
  • 4
    What happens if the user has more than one window/tab open for the same session? – sth Mar 21 '10 at 02:28
  • There are too many variables for you to be able to account for them all. Plain and simple, don't worry about it. – animuson Mar 21 '10 at 02:36
  • You also might be able to do this if you don't use the built in session system. Or if you pass a variable via POST or GET on each page that you can associate to a single "active-tab". – St. John Johnson Mar 21 '10 at 04:34

5 Answers5

1

It's quite complicated nowadays with all the modern tabbed browsers. So, you can rely only on the session timeout. Not a big deal though. Are you sure you really need this? That would make pain in the bottom for the users.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

The first set the $config['sess_expiration'] to 0

This however has the effect of creating a cookie which actually lasts 2 years due to code in the system/libraries/Session.php file

The next us to set the $config['sess_expiration'] to -1

This just didn’t work for me full stop. When I logged in it saved the session variable then when I went to the next page it had disappeared.

Sachin Prasad
  • 5,365
  • 12
  • 54
  • 101
0

Well, I'm using CodeIgniter for all my project. CodeIgniter have session class that store the data using cookies. I can set the cookies timeout in the application config. Set it to 0 will make the cookies only last while the page open, and when all tabs of the page closed in the browser, the cookies will be automatically deleted.

If you don't want to use another framework, then you can use cookies to hold session data that will only last until user close the browser tab. Use setcookie to write the cookie data, and read it from $_COOKIE variable.

Donny Kurnia
  • 5,260
  • 5
  • 35
  • 52
  • Cookies don't hold session data – Your Common Sense Mar 21 '10 at 06:27
  • 1
    Wow, that's confusing! Do you know the difference between sessions and cookies? – animuson Mar 21 '10 at 07:48
  • Cookies hold the PHPSESSID, which is what links the user to his server-stored session data. – St. John Johnson Mar 21 '10 at 13:11
  • @Shrapnel, @animuson, what data that you stored into session anyway? The data to identify something across stateless http connection, right? When user login at login page, you will using session to store some data, maybe user id, so in the next http connection, your script can identify the user that have been login in previous http connection & may permit access to protected pages. Instead of PHP build-in SESSION, you can store your 'session' data into cookies. CodeIgniter have libraries to do this securely. So, I'm no longer using PHP build in SESSION, I use cookies to store 'session' data – Donny Kurnia Mar 23 '10 at 02:35
-1

Similar to Donny's answer, but instead of using Codeigniter, you can just tell the built in Session class to change the PHPSESSID cookie to expire on browser close:

session_set_cookie_params(0);

This has to be called after session_start() on every page you use it (otherwise it is reset to the default from the ini parameter session.cookie_lifetime).

St. John Johnson
  • 6,590
  • 7
  • 35
  • 56
-1

You cant destroy a session when the browser closes!!! Session needs a server side instruction to be destroyed. You can set the session to be destroyed after some time of inactivity.

Study the http://www.php.net/manual/en

Dr Casper Black
  • 7,350
  • 1
  • 26
  • 33