CODEWITHSUNDEEP
phpsessioncookies
Shri
Shri

Reputation: 731

PHP - Session destroy after closing browser

Though this question has multiple duplicates i could not find proper solution for me. Need Some help.

I have used ini_set('session.cookie_lifetime', 0); in my configuration file.

But it is not helping me to destroy session on browser close.

Application current flow:

1) In authentication page if user is valid, generate new session identifier using session_regenerate_id(true);

2) Control goes to welcome.php where i start new session using session_start();

3) in logout page code is 

      $_SESSION = array();
      if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
      );
     }
    // Finally, destroy the session.
    session_destroy();

Upvotes: 15

Views: 134094

Answers (10)

CyriDev
CyriDev

Reputation: 1

If you close your browser your session is lost.

session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser.

session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up.

ini_set('session.cookie_lifetime', 176400);  // for 48 hours
ini_set('session.gc_maxlifetime', 176400);  // for 48 hours
session_start();

Upvotes: 0

Braike dp
Braike dp

Reputation: 226

If you want to change the session id on each log in, make sure to use session_regenerate_id(true) during the log in process.

<?php
session_start();
session_regenerate_id(true);
?>

Upvotes: 0

DTT
DTT

Reputation: 91

There's one more "hack" by using HTTP Referer (we asume that browser window was closed current referer's domain name and curent page's domain name do not match):

session_start();
$_SESSION['somevariable'] = 'somevalue';

if(parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) != $_SERVER["SERVER_NAME"]){
    session_destroy();
}

This also has some drawbacks, but it helped me few times.

Upvotes: 2

Mr.Unknown
Mr.Unknown

Reputation: 180

If you are confused what to do, just refer to the manual of session_destroy() function:

http://php.net/manual/en/function.session-destroy.php

There you can find some more features of session_destroy().

Upvotes: -2

colburton
colburton

Reputation: 4715

Use a keep alive.

On login:

session_start();
$_SESSION['last_action'] = time();

An ajax call every few (eg 20) seconds:

windows.setInterval(keepAliveCall, 20000);

Server side keepalive.php:

session_start();
$_SESSION['last_action'] = time();

On every other action:

session_start();
if ($_SESSION['last_action'] < time() - 30 /* be a little tolerant here */) {
  // destroy the session and quit
}

Upvotes: 9

itzmukeshy7
itzmukeshy7

Reputation: 2677

You can do it using JavaScript by triggering an ajax request to server to destroy the session on onbeforeunload event fired when we closes the browse tab or window or browser.

Upvotes: 1

Ankit
Ankit

Reputation: 130

The best way is to close the session is: if there is no response for that session after particular interval of time. then close. Please see this post and I hope it will resolve the issue. "How to change the session timeout in PHP?"

Upvotes: 7

user3774008
user3774008

Reputation: 45

Use the following code to destroy the session: 

 <?php
    session_start();
    unset($_SESSION['sessionvariable']);
    header("Location:index.php");
    ?>

Upvotes: 0

kpp
kpp

Reputation: 826

There are different ways to do this, but the server can't detect when de browser gets closed so destroying it then is hard.

  • timeout session.

Either create a new session with the current time or add a time variable to the current session. and then check it when you start up or perform an action to see if the session has to be removed.

session_start();
$_SESSION["timeout"] = time();
//if 100 seconds have passed since creating session delete it.
if(time() - $_SESSION["timeout"] > 100){ 
    unset($_SESSION["timeout"];
}
  • ajax

Make javascript perform an ajax call that will delete the session, with onbeforeunload() a javascript function that calls a final action when the user leaves the page. For some reason this doesnt always work though.

  • delete it on startup.

If you always want the user to see the login page on startup after the page has been closed you can just delete the session on startup.

<? php
session_start();
unset($_SESSION["session"]);

and there probably are some more.

Upvotes: 4

Adil Abbasi
Adil Abbasi

Reputation: 3291

This might help you,

session_set_cookie_params(0);
session_start();

Your session cookie will be destroyed... so your session will be good until the browser is open. please view http://www.php.net//manual/en/function.session-set-cookie-params.php this may help you.

Upvotes: 10

Related Questions