 |  |  |  |  |  |  |  |
session destroy
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Jun 2008
Posts: 171
Reputation: 
Solved Threads: 21
Junior Poster
hi all,
how to destroy sessions when user once closes browser without logout, i mean when i logged in and close my browser again when i open browser i keep getting as login so, i want to destroy session upon clossing browser
i want this without changing my php settings because i like programming
thank u in advance
how to destroy sessions when user once closes browser without logout, i mean when i logged in and close my browser again when i open browser i keep getting as login so, i want to destroy session upon clossing browser
i want this without changing my php settings because i like programming
thank u in advance
Failure is success if we learn from it
•
•
Join Date: Jul 2008
Posts: 1,072
Reputation:
Solved Threads: 98
hi praveen check this once:
or see this for reference:
http://us2.php.net/manual/en/functio...on-destroy.php
php Syntax (Toggle Plain Text)
http://us2.php.net/manual/en/functio...on-destroy.php
Last edited by Shanti Chepuru; Aug 2nd, 2008 at 1:32 am.
Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..
•
•
Join Date: Jul 2008
Posts: 1,072
Reputation:
Solved Threads: 98
or read this:
session_cache_expire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_limiter is set to something other than its default of nocache and has NO VALUE for timing out a session. It's only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.
If you want sessions to expire, you need to do one or both (preferably both) of two things.
1) Limit the life of the session on the server.
You do this by setting the session.gc_maxlifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.
ini_set('session.gc_maxlifetime', 1800);
Sets the maximum session file life to 30 minutes (1800 seconds).
2) Limit the life of the session on the client.
You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).
session_set_cookie_params(1800, '/');
sets all session cookies to 30 minutes (1800 seconds).
NOTES
A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_path(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)
B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.
C) ALL of these commands/variables MUST be executed BEFORE session_start(); Thus:
D) Finally, be aware that there's no way to guarantee a session will close in EXACTLY any amount of time. Cookies can be spoofed, which is why you should also use the gc, but the gc might not execute for several minutes (or longer if your site isn't used very often) after the session file times out. No solution is perfect, and you can only approach perfection as the number of people who use your site increases, thereby increasing the frequency of gc operation.
Cheers.
session_cache_expire is the wrong function. It sets the lifetime of session pages stored on the client's computer (think "web page cache"). It only operates when session.cache_limiter is set to something other than its default of nocache and has NO VALUE for timing out a session. It's only value is for convenience when surfing a session-controlled web site. Generally (IMHO), you shouldn't be using it at all.
If you want sessions to expire, you need to do one or both (preferably both) of two things.
1) Limit the life of the session on the server.
You do this by setting the session.gc_maxlifetime variable. This variable sets the maximum life in seconds of a session file on the server. Note that the garbage collector (gc) doesn't start every time session_start() is executed, so a session file may remain on the server longer than its maxlifetime, but once the value is exceeded, the file will be permanently deleted, thus closing the session. You can control (mostly) how frequently the gc is executed, but I'll leave that as an exercise for the reader.
ini_set('session.gc_maxlifetime', 1800);
Sets the maximum session file life to 30 minutes (1800 seconds).
2) Limit the life of the session on the client.
You do this by setting the maximum life of the session cookie (if you're using cookies, which you should be, they're the most secure method).
session_set_cookie_params(1800, '/');
sets all session cookies to 30 minutes (1800 seconds).
NOTES
A) Garbage collection is a PHP event. This means two websites on the same server use the same garbage collector and, without control, the same directory for session files. This means when your neighbor executes the gc, your files can be affected. And if your maxlife is shorter than his, then you're deleting his files sooner than he wants. You can avoid this problem by putting the session files for your website (or any sub-portion of the site) into their own directory using session_save_path(PATH); Then, when you start the gc, it only affects your session files, and when your neighbor starts the gc, it only affects his. For improved security, PATH should not be a public directory (c.f. file and directory permissions for your computer.)
B) The '/' in the cookie variable identifies the directories on your website the session cookie can be used for. For most people, leaving it as '/' (all directories) is OK, but keep it in mind. It's a useful tool if there's a user section to your website and an admin section and they both use session cookies. The admin might want to use '/', but the user might want to use '/user', etc.
C) ALL of these commands/variables MUST be executed BEFORE session_start(); Thus:
php Syntax (Toggle Plain Text)
Cheers.
Be intelligent, But Don't try to cheat.. Be innocent But Don't get cheated..
|
Similar Threads
- How to expire a session (PHP)
- Session destroy not working.... (PHP)
- session log out problem (PHP)
- the form cant remember me ????? (PHP)
Other Threads in the PHP Forum
- Previous Thread: How to put Delete button PHP
- Next Thread: forget password
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
.htaccess alerts apache api archive array autocomplete beginner binary broken cakephp checkbox class cms code convert cron curl database date display duplicates dynamic echo email emptydisplayvalue error errors explodefunction file files folder form forms function functions google hack href htaccess html htmlspecialchars image include insert ip javasciptvalidation javascript joomla keywords limit link login loop mail menu methods mlm multiple mysql network object oop paypal pdf php problem query radio random recursion recursive redirect regex remote script search securephp server sessions shot sms soap source space sql subscription syntax system table tutorial update upload url validator variable video web xml youtube
