session.cookie_lifetime not working for Firefox?

Question

In my Zend Application, I am trying to make our authenticated users be automatically logged out when they close their browser.

For that I'd write following code:

ini_set('session.cookie_lifetime', 0);

And its working fine on browsers like Chrome, Safari, IE7 and IE8, but in case of firefox, users still remain logged on when they close their browser.

Does anyone know what is causing problem?

Thanks In advance...

Answer 1

A value of 0 indicates "session cookie" - i.e. one that the browser should destroy when the "session" is over and the browser is closed.

However:

• Different browsers have different interpretations of exactly what a "session" is - some will destroy these cookies when your close the tab, some when you close the window, some won't destroy the cookies until all instances of the browser have been closed - all tabs in all windows.
• Since cookies are stored and transmitted by the client, they are completely the responsibility of the client. You should not rely on cookies alone to control whether a user has a valid login because they are ridiculously easy to spoof, you should implement some kind of activity timeout as well.

Make sure you have actually ended your Firefox session when testing - close all open tabs and windows, and watch the process list to ensure there are no instances left. If you are still having a problem, you are probably looking at some kind of bug in Firefox (or maybe you've made some strange change in about:config) and you need to ask for Firefox-specific help - SuperUser.com would be a better place for that. One thing you can be fairly sure of is that if it works everywhere else, it's not a problem with your PHP.