Solved

kill php session on page exit

Posted on 2012-03-11
3
290 Views
Last Modified: 2012-04-05
I would like for the session to be killed as soon as the visitor exits the browser (close tab or browser) or navigates away from any page related to the site, I create the session in the header which is an includes.

Thanks
0
Comment
Question by:prowebinteractiveinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 37708012
The session will only be killed if the client closes the last instance of the browser or if the browser is idle for (about) 24 minutes.  The last instance means the last tab and the last window.  That is just the way it works.  Try to design your app so it will work in consonance with the existing guidelines and you will be OK.
0
 

Author Comment

by:prowebinteractiveinc
ID: 37708078
what if I expire the session after lets say 10-15min of inactivity, then if the user is on the public site, it simply renews the session_id(); otherwise if the user is in a logged in area, it will log him out, sounds like that function would be more secure..
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 37709565
The part that is going to be difficult for you is this part:

what if I (emphasis added) expire the session...

That line of inquiry suggests that the server can initiate an action, and that is contrary to the design of the client-server architecture.  Clients make requests.  Servers respond.  That is all that can happen.  Here's the issue.  Where am I right now?  You do not know whether I am at a computer terminal, whether I am looking at your web site or another web site, or in the kitchen getting a cup of coffee, or whether I have left to take the dog for a walk.  You know that I was here when I typed this, but that is "ancient history" in computer terms by the time you read what I typed.  The point is that you do not get any signal on page exit.  In fact the whole concept of page exit does not exist.  You only get a signal (called a "request") when a client sends a request to your server.

A sensible design will take advantage of the way things already work.  

This article may be able to show you some of the design patterns that make sense for PHP client authentication.  Please read it over then see if you still have questions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question