Maybe it can by signing out into the website and not by closing the browser.
Maybe you should explain why you need to do this. Normally, the session will terminate automatically when the browser is closed.
Thanks to all reply:
@Chrishea: how about if they save their cookies/PHPSESSID and not yet expired? the session cannot terminate that. Once they open their browser their still login.
For security purposes I want my client if she forgot to logout to her account when she closed her browser no one can use her account again.
Okay. So you want to clear the cookie and not the session. Think about this. Even the big socializing site (facebook for example) don't have that kind of security. So honestly its hard to give an idea on how to do that.
cookie and session id are the same in php right?
HTTP_COOKIE = PHPSESSID=e9d80541298eee19f05a93989b18b6cd
thanks for your reply...ok try to end the cookies :-)
It is possible to do that...Although at present i don't have solution but it's a nice question n i will start working on it soon....
Many sites provide such kind of facilities...
If you have a login process, then you need to have a timed process that checks if an account is still active/online and if they aren't then you automatically log them out. You could do this every 15 minutes and any account that is logged-in but inactive would be logged out. Obviously, this also means that you need the ability to track activity. Unless you are doing financial transactions or some other very sensitive process, this isn't a big issue. If you have provided the ability to logout and the user chooses not to do it, then he/she can still access your site from that machine & browser without logging in again. In most cases, this is a "so what" situation.
yes i am doing financial transaction :-)
Die(); // at the end of your code may be useful.
Depending on what you're doing in the PHP coding.
What are you currently setting the cookies' expiration date to? If you don't set it to anything, then they will expire automatically when the browser closes.
If you're trying to automatically log the client out after, say, 15 minutes of inactivity, then you will need a system to monitor the user's actions and log when the last action (like loading a new page) took place.
Save a session variable called $_SESSION with time() value every time a page is viewed.
BUT, check first check to see if the current time (time()) is within 15 minutes (900). If so, store the new time, otherwise unset all session data and logout / redirect whatever.
Perhaps this isn't ideal for a financial transaction though. *I don't know*