Solved

kill php session on page exit

Posted on 2012-03-11
3
287 Views
Last Modified: 2012-04-05
I would like for the session to be killed as soon as the visitor exits the browser (close tab or browser) or navigates away from any page related to the site, I create the session in the header which is an includes.

Thanks
0
Comment
Question by:prowebinteractiveinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 37708012
The session will only be killed if the client closes the last instance of the browser or if the browser is idle for (about) 24 minutes.  The last instance means the last tab and the last window.  That is just the way it works.  Try to design your app so it will work in consonance with the existing guidelines and you will be OK.
0
 

Author Comment

by:prowebinteractiveinc
ID: 37708078
what if I expire the session after lets say 10-15min of inactivity, then if the user is on the public site, it simply renews the session_id(); otherwise if the user is in a logged in area, it will log him out, sounds like that function would be more secure..
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 37709565
The part that is going to be difficult for you is this part:

what if I (emphasis added) expire the session...

That line of inquiry suggests that the server can initiate an action, and that is contrary to the design of the client-server architecture.  Clients make requests.  Servers respond.  That is all that can happen.  Here's the issue.  Where am I right now?  You do not know whether I am at a computer terminal, whether I am looking at your web site or another web site, or in the kitchen getting a cup of coffee, or whether I have left to take the dog for a walk.  You know that I was here when I typed this, but that is "ancient history" in computer terms by the time you read what I typed.  The point is that you do not get any signal on page exit.  In fact the whole concept of page exit does not exist.  You only get a signal (called a "request") when a client sends a request to your server.

A sensible design will take advantage of the way things already work.  

This article may be able to show you some of the design patterns that make sense for PHP client authentication.  Please read it over then see if you still have questions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question