Clear Session after Browser is closed

Hi Everyone

I want to clear my session after browser is closed. Have any idea?

Thanks in advance

Is your PHP application reliant on instant updates? If not, then it is probably a better option to employ a session timeout. If the user has not requested a new page within for example 10 minutes, then clear the session.

If you also use Session cookies, then they should be cleared automatically when the browser closes. Thus as far as the browser is concerned, the session is terminated. However, your server won't know this has happened until the next time the browser requests a page.

If your application requires instant notification of user logout, then you can use JavaScript to note when user reloads or closes a browser page.

The browser triggers the event "onunload" and "onbeforeunload" when it closes or reloads a page. The event is attached to the window object. What you can do is send a HTTP request to the server, when ever a window is reloaded.

eg: pseudo code

window.onunload = function() {
    new XMLHttpRequest().post("close_notification.php");
};

On the receiving end, you want your PHP script to wait a few seconds to see if a new page is requested. If none is requested, then you can consider the browser closed.

What to note is that some users may have more then one page of your website open. To handle that, you will have to give pages unique IDs and track them.

Another way to keep a session instantly updated is to use a semi-persistent connection the the server. This is used by applications such as Gmail's GTalk, and Facebook chat etc. A simple example is to generate HTTP request to the server every 30 seconds, to tell the server the page is still open. If the server does not receive a request in say 1 minute, it knows the page was closed. The way modern browser apps do it is to have a special server, that keeps a persistent HTTP request open, or two HTTP requests on the same TCP connection. This is usually called Comet, and makes stateless HTTP behave similar to persistent TCP connections.

See Comet: http://en.wikipedia.org/wiki/Comet

Hi
When we Close the Browser, the session automatically get Destroy, Its default

Hi
When we Close the Browser, the session automatically get Destroy, Its default

That is good to note. The default php.ini file will have:

session.cookie-lifetimie = 0

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

Which means PHP will use session cookies, which are deleted after the browser closes.

However, this only means the browser destroyed the session.

A webserver can NOT directly know when a browser deleted a cookie. Thus it has to set a lifetime for sessions. For default PHP the lifetime is set in PHP.ini using: session.gc-maxlifetime.

http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime

In fact, if you visit a PHP page that uses the default session handler, then close the broser, then visit the page again. You would have created two sessions in PHP. PHP will keep the both sessions until the setting session.gc-maxlifetime is reached for either one.

If you do this 10 times, you will create 10 different sessions, even though it is from the same browser. This is a problem that occurs in all web applications that use pure cookie based sessions.

A good way around this is to set a value for session.gc-maxlifetime in PHP.ini. You have to be careful not to make the lifetime too short, or registered users will get logged out often, or too long, which can be more of a security issue.

Off Topic: A huge problem with cookie based sessions is when search bots crawl pages. You may see times when there appears to be 100 users on your site, when it turns out goolebot just crawled 100 pages. The reason is that most bots do not save the session cookie, and thus appear to be a new user each time they request a page.