CodeIgniter Forums

Full Version: User Remains Logged In After Browser Closes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I have tried Community Auth and Ion Auth. In both cases the user remains logged in after the browser closes.

I have tested both libraries using the 'Remember Me' feature but not checking the box, and turning the 'Remember Me' feature off completely. In all cases, if I'm logged in and close the browser, then I'm still logged in when I re-open the browser and revisit the site. Even if I wait a few minutes before going back.

I've also tested this on Firefox and Chrome.

Am I missing something about sessions? cookies? Please help.
I can only speak for Community Auth.

Community Auth does have a remember me feature, but it doesn't do anything unless you've set up your CI sessions correctly, which is to drop sessions at browser close. So you see in that case you have a toggle between the two. Technically you could still have the session dropped after X seconds and use that with remember me, but I think that what I described first is the way most people are going to use it.

Community Auth does very little to alter the way CI sessions behave, so you should first configure your sessions, then decide if you want somebody to have the extended "remember me" option.
Thank you for the reply, and sorry for my ignorance, but I'm having trouble getting it to drop sessions at browser close.

I tried adding $config['sess_expire_on_close'] = TRUE to the config file. That did not correct the issue.

Currently my sess_driver is 'files' (fresh install of ci). Does it need to be set to 'database'?

I guess I'm not completely sure what "set up correctly" means here.
Ok, thanks skunkbad. I didn't completely understand the session functionality. Got it working now. Thanks for your patience with an amateur.
For any others stuck on this: Following the sessions instructions for "files" session driver, I created a directory in application, named ci_sessions. Set permissions to 700.

Then in config.php:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0; //<-- changed from 7200
$config['sess_save_path'] = 'application/ci_sessions'; //<-- changed from NULL
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = TRUE; //<-- changed from FALSE