Reputation: 121
Why the Codeigniter session does not expire after closing the browser?
Problem scenario
If a user A logs into the application then the user id set in session. After doing some tasks user A closes his browser and leaves the computer. Short time later, user B came and open browser and see the application was in logged in state. User B can also open an internal url, which directly redirects him into the application without any authentication by using the previous session.
My Configuration
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
Upvotes: 4
Views: 11096
Answers (4)
Reputation: 1350
Why don't you use the CI session function to do that
http://www.codeigniter.com/userguide2/libraries/sessions.html
Upvotes: 0
Reputation: 9
Set in application/config/config.php:
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = TRUE;
This should be OK.
Upvotes: 0
Reputation: 169
Try this, may be it help you
/ **
* Escape String
*
* @param string
* @param bool whether or not the string will be used in a LIKE condition
* @return string
*/
public function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
$str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);
// escape LIKE condition wildcards
if ($like === TRUE)
{
return str_replace(array($this->_like_escape_chr, '%', '_'),
array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
$str);
}
return $str;
}
// --------------------------------------------------------------------
Upvotes: 0
Reputation: 1001
You can override or Set a Config Item dynamically. If you simply look at $config['sess_expire_on_close'] = TRUE;
Whether to make the session to expire automatically when the browser window is closed.
Set it to true if user did not check the remember me checkbox. And the session will expire after user close the browser.
And if he checks the remember me checkbox, set $config['sess_expire_on_close'] to FALSE like
if($this->input->post('remember')) $this->config->set_item('sess_expire_on_close', '0'); //'remember' is checkbox name.
now session will not expire after browser is closed. note: this solution is also tested on Opera, Mozilla, Chrome and ie9
Upvotes: 4
Related Questions
- Codeigniter session regenerated after browser close
- How to prevent CodeIgniter sessions from being destroyed when the browser is closed?
- How to expire codeigniter session when the browser window is closed
- Codeigniter session expiry issue at any time
- session is not destroyed when logging out
- Codeigniter: session expiration not working
- CodeIgniter Session Expires on Page Refresh
- CodeIgniter's session expiration
- Codeigniter Session is expired in a short period automatically
- Codeigniter: User session keeps expiring