kill php session on page exit

I would like for the session to be killed as soon as the visitor exits the browser (close tab or browser) or navigates away from any page related to the site, I create the session in the header which is an includes.

Thanks
prowebinteractiveincAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Ray PaseurConnect With a Mentor Commented:
The part that is going to be difficult for you is this part:

what if I (emphasis added) expire the session...

That line of inquiry suggests that the server can initiate an action, and that is contrary to the design of the client-server architecture.  Clients make requests.  Servers respond.  That is all that can happen.  Here's the issue.  Where am I right now?  You do not know whether I am at a computer terminal, whether I am looking at your web site or another web site, or in the kitchen getting a cup of coffee, or whether I have left to take the dog for a walk.  You know that I was here when I typed this, but that is "ancient history" in computer terms by the time you read what I typed.  The point is that you do not get any signal on page exit.  In fact the whole concept of page exit does not exist.  You only get a signal (called a "request") when a client sends a request to your server.

A sensible design will take advantage of the way things already work.  

This article may be able to show you some of the design patterns that make sense for PHP client authentication.  Please read it over then see if you still have questions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 
Ray PaseurCommented:
The session will only be killed if the client closes the last instance of the browser or if the browser is idle for (about) 24 minutes.  The last instance means the last tab and the last window.  That is just the way it works.  Try to design your app so it will work in consonance with the existing guidelines and you will be OK.
0
 
prowebinteractiveincAuthor Commented:
what if I expire the session after lets say 10-15min of inactivity, then if the user is on the public site, it simply renews the session_id(); otherwise if the user is in a logged in area, it will log him out, sounds like that function would be more secure..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.