17

I have created a simple login page which is based on the sessions.

session_start();

and added a logout page that contains this

session_destroy();

Now when I close the browser/page and reopen it, the values of the session are still there.

I want to know how to completely destroy the session on page/browser close.

sikas
  • 5,435
  • 28
  • 75
  • 120
  • You don't need to reinvent the wheel with an AJAX call or whatever. You can simply use the built-in functionality of how cookies work. You can tell the browser to remove the cookie when it closes very easily. No Javascript Required. – Tyler Carter Nov 10 '10 at 16:42
  • 1
    No - removing or over-writing the session cookie is part of the story - but the data will still be available on the server - really you should overwrite the session data too ($_SESSION=array();) - this avoids a LOT of complications – symcbean Nov 10 '10 at 17:28

5 Answers5

26

if you use:

session_set_cookie_params(0);
session_start();

Your session cookie will destroy when the browser is closed... so your session will be good until they close the browser. IE. You login, and you are logged in, you close the browser, re-open it, go to the site again, and you wont be logged in.

superfro
  • 3,327
  • 1
  • 18
  • 14
  • 5
    Its not working ... my pages are still get opened dont know why i have put the same code at my login page and template header page but it doent get destroyed – Vivek Mar 06 '14 at 17:59
  • 4
    Didn't worked for me too, but found the (my) reason: Firefox was configered to remember the tabs after closing, and this feature prevents the session from getting destroyed. Details here: https://support.mozilla.org/de/questions/975670 – user2345998 Jul 02 '15 at 12:25
5

You will only be able to detect if the browser window has been closed using javascript at which point you might be able to trigger an Ajax request to perform a logout action.

Treffynnon
  • 21,365
  • 6
  • 65
  • 98
  • 3
    Despite the down vote this method will work and JS is the only way you can detect if a browser window is closed. `session_set_cookie_params(0)` will store the cookie in the users memory rather than disk, but it will not feedback to the server when the browser window is closed. The cookie will just die with the users browser. – Treffynnon Nov 10 '10 at 16:46
  • I didn`t down vote any!! but is there any tutorial about this? – sikas Nov 10 '10 at 17:15
  • This might work, but I IMHO it is possible a case when during closing of the tab/browser ajax will be terminated/aborted. Because when u open a page which contains ajax, and "real quick"(right after document ready) click on some link, as the new page is being opened the ajax can show an error. Thanks – dav Jul 12 '14 at 17:07
0

Server can't detect browser or tab closed, you could use Javascript or Ajax but sorry I don't have knowledge about that.

My suggestion is use Session Timeout, so session will be destroyed if there's no action from user. This is an example :

// destroy every 2 minutes

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 120)) {
    // last request was more than 2 minutes ago
    session_destroy();   // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp

// end of code

Hope this help you

Fahmi
  • 11
  • 5
0

If the session exists, log out by destroying the session and redirecting the user to the home page. A temporary cookie was used to store the session identity. This cookie is also destroyed.

<?php
    // This is the logout page for the site.
    session_start();//access the current session.
    //if no session variable then redirect the user
    if (!isset($_SESSION['user_id'])) {
    header("location:index.php");
    exit();
    }else{ //cancel the session
        $_SESSION = array(); // Destroy the variables
        session_destroy(); // Destroy the session
        setcookie('PHPSESSID', ", time()-3600,'/', ", 0, 0);//Destroy the cookie
        header("location:index.php");
        exit();
    }
    ?>
csandreas1
  • 2,026
  • 1
  • 26
  • 48
-1

to remove session variables - session_unset();

to destroy the session - session_destroy();

session_unset();
session_destroy();
Giwayshans
  • 1
  • 1
  • Please read the requirements of OP fully. PHP has no way of knowing when a browser is closed, especially not with these two lines. – Juan Treminio Mar 25 '16 at 18:36