Solved

destroy session cookies on windows close

Posted on 2004-09-16
6
5,305 Views
Last Modified: 2013-12-13
Hey everybody!

I'd like to be able to destroy the session cookies when a user closes the browser window. I have a link to "log out" which works great. If a user clicks on it, no problem. BUT if they close the window without clicking on the link, then the cookies stay with the login info for some time. I don't want to set the expire time to something really short, so they don't have to log in multiple times during one surfing session.

I'm not sure if this can be done directly with PHP or a combination of Javascript & PHP. Does anybody have Javascrip/PHP code that will be AUTOMATICALLY executed when a user closes the window manually by clicking on the "X" in the upper right hand corner of their browser?

i'm running
Apache version : Apache/1.3.31
PHP version : 5.0.1

Thanks a lot!!
daniel
0
Comment
Question by:danfuniel
6 Comments
 
LVL 33

Expert Comment

by:humeniuk
ID: 12079523
How is it configured now?  ie. is there an expiry time on the cookie?  Can you post your code?
0
 
LVL 2

Expert Comment

by:montasirma
ID: 12080104
in the TAG <BODY> put onUnload().

<BODY onUnload="function()">

Take a look at the folowing link:
http://www.phpbuilder.com/lists/php-windows/2002092/0160.php
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12082624
Isn't it so that when all browser windows are unloaded, the session cookie automatically is destroyed?

You could always do something like
<body onUnload="this.style.backgroundImage='http://www.mylogouturl.com';">

The client won't see anything of this errorous imgcall, because the window is quite quickely unloaded.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Expert Comment

by:codefather
ID: 12199480
I guess if you don't set any expire time for the cookie, it automatically expires when the browser window is closed.
0
 
LVL 3

Expert Comment

by:hackman_3vilGuy
ID: 12498611
Maybe...

<BODY onBeforeUnload="window.open('logout.php');">
0
 
LVL 10

Accepted Solution

by:
Havin_it earned 50 total points
ID: 12803666
onUnload and onBeforeUnload only work with IE.

No need to worry though - everything I have read on the subject assures me that PHP cookies, like Javascript ones, are destroyed when the browser closes or switches domains if their 'expires' property is not set.

If in doubt, why not do a test-page and see what happens in your Cookies folder?

In XP/IE6, the folder is at C:\Documents and Settings\yourname\Cookies

In XP/Firefox, cookies are all in one file:
C:\Documents and Settings\yourname\Application Data\Mozilla\Firefox\Profiles\default.1kv\cookies.txt
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Create new password with id in link 5 25
php refresh button on the browser 2 35
mysqli 3 18
echo time from sql to input type="time" 9 17
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now