?
Solved

kill php session on page exit

Posted on 2012-03-11
3
Medium Priority
?
291 Views
Last Modified: 2012-04-05
I would like for the session to be killed as soon as the visitor exits the browser (close tab or browser) or navigates away from any page related to the site, I create the session in the header which is an includes.

Thanks
0
Comment
Question by:prowebinteractiveinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37708012
The session will only be killed if the client closes the last instance of the browser or if the browser is idle for (about) 24 minutes.  The last instance means the last tab and the last window.  That is just the way it works.  Try to design your app so it will work in consonance with the existing guidelines and you will be OK.
0
 

Author Comment

by:prowebinteractiveinc
ID: 37708078
what if I expire the session after lets say 10-15min of inactivity, then if the user is on the public site, it simply renews the session_id(); otherwise if the user is in a logged in area, it will log him out, sounds like that function would be more secure..
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 37709565
The part that is going to be difficult for you is this part:

what if I (emphasis added) expire the session...

That line of inquiry suggests that the server can initiate an action, and that is contrary to the design of the client-server architecture.  Clients make requests.  Servers respond.  That is all that can happen.  Here's the issue.  Where am I right now?  You do not know whether I am at a computer terminal, whether I am looking at your web site or another web site, or in the kitchen getting a cup of coffee, or whether I have left to take the dog for a walk.  You know that I was here when I typed this, but that is "ancient history" in computer terms by the time you read what I typed.  The point is that you do not get any signal on page exit.  In fact the whole concept of page exit does not exist.  You only get a signal (called a "request") when a client sends a request to your server.

A sensible design will take advantage of the way things already work.  

This article may be able to show you some of the design patterns that make sense for PHP client authentication.  Please read it over then see if you still have questions.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question