• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3239
  • Last Modified:

How To Make The Session Expire After A Browser Close

Hi All,

I have a cakephp application with login facilty, after close the browser without logging out when you go back into project before the session has timed out you go straight to the User Manager screen. How we prevent it.

Thanks in advance.
0
Web_Sight
Asked:
Web_Sight
  • 5
  • 2
  • 2
  • +2
1 Solution
 
Rok-KraljCommented:
http://php.net/manual/en/function.setcookie.php

If you specify 0 for $time parameter, the session cookie will last only until browser window (or tab) is closed.
0
 
Web_SightAuthor Commented:
Hi, i am using cakephp project and in core file i set Configure::write('Session.timeout', '18');
0
 
Rok-KraljCommented:
Then this should work.
Configure::write('Session.timeout', '0');

Open in new window

0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
Web_SightAuthor Commented:
hi, normally we need 30mins session , thats why we put Configure::write('Session.timeout', '18');, the problem is that when we close the browser it still working.
0
 
p_nutsCommented:
change the php session max time and leave cake to 0
0
 
NeoAshuraCommented:
Change the PHP session time to 0 this will only hold the data in the browser until it closes. once the user closes the browser, the browser will drop the users details and will log them out.
0
 
Ray PaseurCommented:
"the problem is that when we close the browser it still working."

The problem may be that you have more than on instance of the browser running.  Either a window or a tab will cause the symptom.

All instances of the same browsers all share the same cookie jar.  If you close one instance of the browser, but not all instances of the browser, the cookies will still be there, and they will persist until the last instance of the browser is closed.  So to get the session to expire, you must close ALL instances of the browser.  Then start a new browser window, go back to the site and see if you're OK.

Sorry, but it just works that way.  There is no workaround that I know of.
0
 
p_nutsCommented:
the only way i can think of is not use session cookies and build the session in every link / post ...
0
 
Rok-KraljCommented:
@Ray: One workaround is that a website "pings" server every minute or so... When you don't receive the ping for 2 minutes, you destroy the session.

This is a solution, but not the one I'd recommend.
0
 
Ray PaseurCommented:
@Rok-Kralj: Interesting.  Can you show us a code sample to illustrate how that would be done?
0
 
Rok-KraljCommented:
As I said, I'd not recommend it, because it can be heavy with server resources, and not so trivial to implement securely.

The simplest way it would be:

<iframe src="i_am_active.php"></iframe>

And then javascript that would refresh this page every 10 seconds, and every time it does, a php script would update user's database LASTPING (time()).

Then you would check lastping data on next ping/page load, and if they are more than 10 seconds in the past, then you know the page was closed.
0
 
Rok-KraljCommented:
And it is not 100% sure way, because if user closes browser and opens it again within this 10 second treshold, this wouldn't count as "browser closed". There is no 100% accurate soulition, because there is no reliable js API to detect such data.

There is also a solution relyiong on onclose javascript event, but is easily bypassed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

  • 5
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now