Best Way to Completely Destroy a Session - Even If the Browser Is Not Closed

  • Home
  • Languages
  • PHP
  • Best Way to Completely Destroy a Session - Even If the Browser Is Not Closed

Best way to completely destroy a session - even if the browser is not closed

According to the manual, there's more to do:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

The manual link has a full working example on how to do that. Stolen from there:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Destroy PHP Session on closing

if you use:

session_set_cookie_params(0);
session_start();

Your session cookie will destroy when the browser is closed... so your session will be good until they close the browser. IE. You login, and you are logged in, you close the browser, re-open it, go to the site again, and you wont be logged in.

PHP session destroy is not working properly


if (!isset($_SESSION['key_set_time'])) {
$_SESSION['key_set_time'] = time();
} else if (time() - $_SESSION['key_set_time'] > 3600) {
   // session started more than 1 hour ago
   session_regenerate_id(true);    // change session ID for the current session
   $_SESSION['key_set_time'] = time();  // update creation time
}

This should work for your case. let me know if it doesn't.

You can alter else if statement as per your needs

PHP - Session destroy after closing browser

The best way is to close the session is: if there is no response for that session after particular interval of time. then close. Please see this post and I hope it will resolve the issue. "How to change the session timeout in PHP?"

Destroy or unset session when user close the browser without clicking on logout

You can set an expiration time for the session data, test it with each session_start call and destroy the session if it’s expired:

session_start();
if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) {
    session_destroy();
    $_SESSION = array();
}
$_SESSION['EXPIRES'] = time() + 3600;

Java:Why http session is not destroyed when tab or browser is closed?

How would the server know when the browser is closed or the tab closed? At that point the browser doesn't send anything to the server.

This is a fundamental part of HTTP - it's a request/response protocol, not a "permanently open conversation" where you can tell if one party leaves the conversation. Think of it as a series of telegrams rather than a phone call - and you can't tell when you've received the last telegram you're going to get.

You'll need to design your way round this - to avoid needing to know when the browser has been closed. There are some ugly hacks to work around it - making AJAX poll the server with a heartbeat message, for example - but changing the design is a better solution.

Session destroy on browser close

You keep login because your sessions are not destroyed even when the browser is closed. Sessions destroying on the closing of the browser is default behaviour but but this does not mean its the only behaviour. You can extend the expiry time of session. 

This behaviour can be changed in the php.ini file by altering the line:

Keeping a session alive indefinitely 

 session.cookie_lifetime = 0

So just check when you have set the expiry time for the sessions. Although using cookies will be a good option

Note:- Remember to restart your web server after making this change.

PHP session destroy on closing the browser

Assuming you are using cookie-based sessions, set the timeout very aggressively.

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

You could also hook into the browser's unload event via JavaScript, and trigger a quick AJAX-request to your server that destroys the session.

http://eureka.ykyuen.info/2011/02/22/jquery-javascript-capture-the-browser-or-tab-closed-event/

I wouldn't rely on this client-side implementation, though - if the browser crashes, or the user force-closes it, that may not trigger the event. The browser itself may also limit how long it will give an onunload event to complete, in consideration of the user. A combination of these two methods would probably be the most effective.


Related Topics

How to Get Rid of Eval-Base64_Decode Like PHP Virus Files

Laravel Update Model With Unique Validation Rule For Attribute

How to Find Day of Week in PHP in a Specific Timezone

Profiling PHP Code

How to Store File Name in Database, With Other Info While Uploading Image to Server Using PHP

Get the First N Elements of an Array

PHP Curl, Extract an Xml Response

How to Best Store User Information and User Login and Password

Return Index of Highest Value in an Array

How to Check If a Word Is Contained in Another String Using PHP

PHP - Redirect and Send Data Via Post

Regular Expression Pattern to Match Url With or Without Http://Www

Passing Multiple Variables to Another Page in Url

How to Know Which 'PHP.Ini' File Is Used

Pdo Bindparam Vs. Execute

Does MySQL_Real_Escape_String() Fully Protect Against SQL Injection

How to Best Configure PHP to Handle a Utf-8 Website

Elegant Way to Get the Count of Months Between Two Dates


Leave a reply



Submit