Destroy or Unset Session When User Close the Browser Without Clicking on Logout

Destroy or unset session when user close the browser without clicking on logout

You can set an expiration time for the session data, test it with each session_start call and destroy the session if it’s expired:

session_start();
if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) {
    session_destroy();
    $_SESSION = array();
}
$_SESSION['EXPIRES'] = time() + 3600;

PHP session destroy on closing the browser

Assuming you are using cookie-based sessions, set the timeout very aggressively.

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime

You could also hook into the browser's unload event via JavaScript, and trigger a quick AJAX-request to your server that destroys the session.

http://eureka.ykyuen.info/2011/02/22/jquery-javascript-capture-the-browser-or-tab-closed-event/

I wouldn't rely on this client-side implementation, though - if the browser crashes, or the user force-closes it, that may not trigger the event. The browser itself may also limit how long it will give an onunload event to complete, in consideration of the user. A combination of these two methods would probably be the most effective.

PHP - Session destroy after closing browser

The best way is to close the session is: if there is no response for that session after particular interval of time. then close. Please see this post and I hope it will resolve the issue. "How to change the session timeout in PHP?"

After session destroy or close browser tab or close browser execute logout using Laravel 5.2

The server does not know if the user has closed the browser window. You need to detect this event via javascript on the client side and notify the server manually.

See this answer: javascript detect browser close tab/close browser

Best way to completely destroy a session - even if the browser is not closed

According to the manual, there's more to do:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

The manual link has a full working example on how to do that. Stolen from there:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Destroy PHP Session on closing

if you use:

session_set_cookie_params(0);
session_start();

Your session cookie will destroy when the browser is closed... so your session will be good until they close the browser. IE. You login, and you are logged in, you close the browser, re-open it, go to the site again, and you wont be logged in.

---

Related Topics