20

Possible Duplicate:
How do I expire a PHP session after 30 minutes?

I am destroying all session var in logout.php and calling it when user click on logout, what is user does not click on logout.php but directly close the browser. how can i delete session then???

Community
  • 1
  • 1
nectar
  • 9,525
  • 36
  • 78
  • 100
  • 3
    Duplicates: http://stackoverflow.com/questions/2201750/php-destroy-session-on-close-of-main-window , http://stackoverflow.com/questions/2171821/how-do-i-make-my-site-automatically-sign-out-a-user-when-they-close-their-browser , http://stackoverflow.com/questions/959655/destroy-session-on-window-close and more: http://stackoverflow.com/search?q=php+session+browser+close – Felix Kling May 15 '10 at 11:56
  • 1
    thanks for ur reply, where and what is the syntax for session timeout. – nectar May 15 '10 at 11:56
  • See also: http://stackoverflow.com/questions/887919, http://stackoverflow.com/questions/520237, and http://stackoverflow.com/questions/508959 – Gumbo May 15 '10 at 12:17

5 Answers5

18

You can set an expiration time for the session data, test it with each session_start call and destroy the session if it’s expired:

session_start();
if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) {
    session_destroy();
    $_SESSION = array();
}
$_SESSION['EXPIRES'] = time() + 3600;
Gumbo
  • 643,351
  • 109
  • 780
  • 844
  • 2
    That's a bit awkward solution, don't you think? There's a built-in function for that! – Guido Hendriks May 15 '10 at 11:59
  • 1
    $_SESSION['EXPIRES'] ....'EXPIRES' is specific or I can place my session var name?? – nectar May 15 '10 at 12:01
  • @GuidoH: You should better check what `session_cache_expire` actually does. – Gumbo May 15 '10 at 12:04
  • @Piyush: No, *EXPIRES* is a regular session datum like any other value in `$_SESSION`. I just thought “expires” is an appropriate name for such a value. But you can name it whatever you want. – Gumbo May 15 '10 at 12:06
  • 1
    Ok, but how is the session going to be started, since the browser's been closed and therefore the session cookie (which is a session cookie) is now destroyed on the client? – Marc B May 15 '10 at 13:36
  • what it dose $_SESSION['EXPIRES'] = time() + 3600; ??? – nectar May 15 '10 at 13:56
  • @Piyush: It sets the expiration time to 3600 seconds in the future. So the session will expire after one hour of inactivity. – Gumbo May 15 '10 at 14:16
  • 10
    This answer does not solve the question of OP. The question was: how to destroy the session upon closing the browser, not destroying the session after a delay. – chocolata Sep 16 '13 at 09:02
  • @Gumbo Shouldn't `if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600)` be `if (isset($_SESSION['EXPIRES']) && $_SESSION['EXPIRES'] < time()+3600)` or simply `if ($_SESSION['EXPIRES'] < time()+3600)`? If the `SESSION` is either not set or even if set, our main objective is to destroy it based on time then set a new time again. Can't we ignore `!isset($_SESSION['EXPIRES']) ||` part or some security is involved? Sorry for bumping such an old reply, I'm new to it. – NewBee May 22 '18 at 18:06
13

You cannot. However, session cookies are usually sent without an expire time which means they are deleted when the browser is closed, so the session is lost anyway.

ThiefMaster
  • 310,957
  • 84
  • 592
  • 636
3

PHP sessions should automatically expire when the browser window closes providing you do not modify the Session Cookies expiration time. If this is not happening then I would assume that you have modified this in some way and we would require further details to assist.

Matt Weldon
  • 1,413
  • 11
  • 18
1

The session can be set to simply expire the server doesn't hear from the client after a certain period of time. That's the direction you want to be looking in...

Martin

Martin Milan
  • 6,346
  • 2
  • 32
  • 44
1

If you do not set an expire time for the session cookie, it will be deleted when the user closes the browser, which has the same effect for most practical purposes (unless you are worried about storage or security). If that is not good enough, you could set sessions to expire very quickly and periodically refresh them via AJAX.

Tgr
  • 27,442
  • 12
  • 81
  • 118