0

I am very new to php. I am setting a unique session key while user log-in my website. Now the problem is i want to put the security same as in bank website.

for example. When user opens new tab in same window or a new window and paste the url direct in address bar after log in then the the generated session key should be expired and user should be log-out automatically.

For this i googled and come to know that server session is only expired when user close the browser or not click on the sign in button.

Or is there any other way to implement this facility any help is appriciated.

user3446467
  • 95
  • 1
  • 13
  • 2
    Why do you think what you explained has anything to do with security? It brings nothing to security it's just annoying. – zerkms Feb 03 '15 at 06:27
  • yes it is related to the security and i am working on insurence website so i need to put this facility in my website. – user3446467 Feb 03 '15 at 06:29
  • It's not related. It does not make anything more secure. It just brings inconvenience to the UX. If you ask such trivial questions - then it's likely you have more serious security flaws than you're trying to solve. – zerkms Feb 03 '15 at 06:29
  • possible duplicate of [How do I expire a PHP session after 30 minutes?](http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes) – zealoushacker Feb 03 '15 at 06:30
  • I already implemented auto-logout on no action for 5 minutes but boss said i have to implement it as same as bank website.. so i asked this trivil question and sorry for that sir. Plz can you suggest me how can i do it – user3446467 Feb 03 '15 at 06:51
  • do you want to destroy session when the link is copied to different browsers address bar or on the same browser window address bar – Rahul Feb 03 '15 at 06:58
  • i want to destroyee session when the link is copied to new tab in same window or in the different window. – user3446467 Feb 03 '15 at 07:01
  • i dont know how to end session in same window but you can easily do this for different window. as you are creating session for login. just write check session at top of page that if session login doesnt exist redirect to login page – Rahul Feb 03 '15 at 07:06
  • thank you sir I already implemented this thing if user will enter direct url without login then it will be redirected to the login page. But i want to implement same thing even the user is logged-in and paste the url direct on the address bar – user3446467 Feb 03 '15 at 07:09
  • _“yes it is related to the security and i am working on insurence website”_ – then you should know this already, and not have to ask here … – CBroe Feb 03 '15 at 07:42
  • _“i want to destroyee session when the link is copied to new tab in same window or in the different window”_ – that happens client-side, and PHP has no way of knowing about this on its own. (If you are not even aware of basics such as this, you should _really_ not be working on any projects where security is a top priority …) You will need to use JavaScript to determine whether or not the user is still within the original tab (using `window.name` would come to mind). – CBroe Feb 03 '15 at 07:44
  • I'l check this out, if there is any better way. :) – Ravi Dhoriya ツ Feb 03 '15 at 09:15
  • Right now i am trying as solution provided by Mr.CBroe if you find anything batter plz tell me. – user3446467 Feb 03 '15 at 09:36
  • I am using html 5 sessionstorage for this is it a good solution. – user3446467 Feb 04 '15 at 12:19

0 Answers0