Session destroy when closing browser

Hi all,

After a visitor has loged in, a session is started.
The session is destroyed after the visitor clicked "Log out'.

When the visitor forgets to log out and closes the browser immediately, the
session stil exists because when the visitor opens the browser again and
comes back to the site he/she is still loged in.
Ofcourse i don't want that.
I want the session to be destroyed when the visitor closes the browser
immediately.

Is there a way to destroy a session when the user closes the browser and
forgets to log out.

If instead of php, javascript is necessary, please tell me also.

T.i.a.

Best regards,
Tino Wintershoven.
The Netherlands

Re: Session destroy when closing browser

T. Wintershoven wrote:
> Hi all,
>
> After a visitor has loged in, a session is started.
> The session is destroyed after the visitor clicked "Log out'.
>
> When the visitor forgets to log out and closes the browser immediately, the
> session stil exists because when the visitor opens the browser again and
> comes back to the site he/she is still loged in.
> Ofcourse i don't want that.
> I want the session to be destroyed when the visitor closes the browser
> immediately.
>
> Is there a way to destroy a session when the user closes the browser and
> forgets to log out.
>
> If instead of php, javascript is necessary, please tell me also.
>
> T.i.a.
>
> Best regards,
> Tino Wintershoven.
> The Netherlands
>
>
>

In your php.ini file, set the value:

session.cookie_lifetime=0

Or, before EVERY session_start() call, use:

session_set_cookie_params(0);


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Session destroy when closing browser

Jerry Stuckle escribió:
>> Is there a way to destroy a session when the user closes the browser
>> and forgets to log out.
[...]
> In your php.ini file, set the value:
>
> session.cookie_lifetime=0
>
> Or, before EVERY session_start() call, use:
>
> session_set_cookie_params(0);

Apart from this, note that session data still exists on server; it will
be deleted eventually, when next "garbage" collection happens. In
general, the server has no way to know that you've closed the browser.
Usually, that's not an issue*, just be aware of it.


(*) It's an issue when you're paranoid about hackers using someone
else's session ID


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--

Re: Session destroy when closing browser

Álvaro G. Vicario wrote:
> Jerry Stuckle escribió:
>>> Is there a way to destroy a session when the user closes the browser
>>> and forgets to log out.
> [...]
>> In your php.ini file, set the value:
>>
>> session.cookie_lifetime=0
>>
>> Or, before EVERY session_start() call, use:
>>
>> session_set_cookie_params(0);
>
> Apart from this, note that session data still exists on server; it will
> be deleted eventually, when next "garbage" collection happens. In
> general, the server has no way to know that you've closed the browser.
> Usually, that's not an issue*, just be aware of it.
>
>
> (*) It's an issue when you're paranoid about hackers using someone
> else's session ID
>
>

If you're that paranoid about hackers, you should be using https protocol.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================