Solved

How To Make The Session Expire After A Browser Close

Posted on 2010-09-06
12
2,141 Views
Last Modified: 2013-11-10
Hi All,

I have a cakephp application with login facilty, after close the browser without logging out when you go back into project before the session has timed out you go straight to the User Manager screen. How we prevent it.

Thanks in advance.
0
Comment
Question by:Web_Sight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
12 Comments
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33610120
http://php.net/manual/en/function.setcookie.php

If you specify 0 for $time parameter, the session cookie will last only until browser window (or tab) is closed.
0
 

Author Comment

by:Web_Sight
ID: 33610154
Hi, i am using cakephp project and in core file i set Configure::write('Session.timeout', '18');
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33610159
Then this should work.
Configure::write('Session.timeout', '0');

Open in new window

0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 

Author Comment

by:Web_Sight
ID: 33610176
hi, normally we need 30mins session , thats why we put Configure::write('Session.timeout', '18');, the problem is that when we close the browser it still working.
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33610192
change the php session max time and leave cake to 0
0
 
LVL 6

Accepted Solution

by:
NeoAshura earned 500 total points
ID: 33610493
Change the PHP session time to 0 this will only hold the data in the browser until it closes. once the user closes the browser, the browser will drop the users details and will log them out.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 33610833
"the problem is that when we close the browser it still working."

The problem may be that you have more than on instance of the browser running.  Either a window or a tab will cause the symptom.

All instances of the same browsers all share the same cookie jar.  If you close one instance of the browser, but not all instances of the browser, the cookies will still be there, and they will persist until the last instance of the browser is closed.  So to get the session to expire, you must close ALL instances of the browser.  Then start a new browser window, go back to the site and see if you're OK.

Sorry, but it just works that way.  There is no workaround that I know of.
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33613085
the only way i can think of is not use session cookies and build the session in every link / post ...
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33613136
@Ray: One workaround is that a website "pings" server every minute or so... When you don't receive the ping for 2 minutes, you destroy the session.

This is a solution, but not the one I'd recommend.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 33613278
@Rok-Kralj: Interesting.  Can you show us a code sample to illustrate how that would be done?
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33613319
As I said, I'd not recommend it, because it can be heavy with server resources, and not so trivial to implement securely.

The simplest way it would be:

<iframe src="i_am_active.php"></iframe>

And then javascript that would refresh this page every 10 seconds, and every time it does, a php script would update user's database LASTPING (time()).

Then you would check lastping data on next ping/page load, and if they are more than 10 seconds in the past, then you know the page was closed.
0
 
LVL 12

Expert Comment

by:Rok-Kralj
ID: 33613353
And it is not 100% sure way, because if user closes browser and opens it again within this 10 second treshold, this wouldn't count as "browser closed". There is no 100% accurate soulition, because there is no reliable js API to detect such data.

There is also a solution relyiong on onclose javascript event, but is easily bypassed.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
if statement malfunction 5 44
Failed to open stream: Permission denied in /var/www/html/export.php on line 24 5 78
Link Stopped Working 7 32
php non-object 7 29
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question