arnisritins
Reputation: 1340
Secure logout with PHP sessions
I have a login system based on PHP sessions. When user clicks on logout link, script calls session_destroy() function and the user logs out (session file on server with user data is deleted). When user just closes the browser, he logs out too (the cookie expired on close), but session file with user data is still kept on server.
So is there any vulnerability from the viewpoint of security? If so, what I have to do in order to prevent it?
Upvotes: 0
Views: 960
Answers (1)
sedat sevgili
Reputation: 166
i think you can use session.gc properties to remove old session files.
Upvotes: 1
Related Questions
- Automatically logout when leaving the page (PHP)
- Session logout without closing the session
- Force user to logout session PHP
- PHP Session Logout
- PHP Sessions - Best practices for logout
- PHP sessions logging in and logging out
- PHP - Managing Session - Doesnt Logout
- Login/Logout using PHP sessions?
- Securely creating and destroying login sessions in PHP
- create a simple PHP login / logout system