+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Destroy session when the web browser is closed, its possible? (/showthread.php?tid=11559)
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]Unknown[/eluser]
Hello,
i'm working with CodeIgniter sessions, i would like to destroy the session when the user close the web browser or when the user left the web site, how it is possible?
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]Mirage[/eluser]
Setting sess_expiration to '0' should destroy the session when the browser is closed. Monitoring when a user leaves your website isn't really possible. There a tricks and hacks for that sort of thing that work with varying degrees of reliability usually involving javascript, but none of them have anything to do with the session.
Cheers
-m
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]Rick Jolly[/eluser]
Actually, setting the expiration to "0" will cause the session to continue indefinitely. See here for a hack: http://ellislab.com/forums/viewthread/70036/. Alternatively, you could use php native sessions, or the CI-like Native Session Library in the wiki. NGSession also supports this and there may be other contributions.
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]Mirage[/eluser]
Really? Wow - I stand correct then. It's been a while since I used the CI built-in session. I always though the sess_expiration controls the lifttime of the cookie. Guess I was wrong.... Sorry for the confusion...
Cheers
-m
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]beemr[/eluser]
I think since about 1.6, CI sessions have a session regeneration feature that should solve your concerns. By default, the sessions are regenerated every 5 minutes, but of course, you can customize that setting. If a user closes his browser, the session will not get regenerated at the next interval and will become invalid. Derek Allard posted a nice write-up about it at his blog.
Destroy session when the web browser is closed, its possible? - El Forum - 09-13-2008
[eluser]Rick Jolly[/eluser]
[quote author="beemr" date="1221356998"]I think since about 1.6, CI sessions have a session regeneration feature that should solve your concerns. By default, the sessions are regenerated every 5 minutes, but of course, you can customize that setting. If a user closes his browser, the session will not get regenerated at the next interval and will become invalid. Derek Allard posted a nice write-up about it at his blog.[/quote]
I think that just regenerates (changes) the session id in the cookie to guard against session fixation. Nothing to do with dropping the session.
Destroy session when the web browser is closed, its possible? - El Forum - 09-14-2008
[eluser]beemr[/eluser]
Wouldn't a stale session effectively give the OP the same results as a destroyed session?