+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! (/showthread.php?tid=27493)
Pages:
1
2
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]web_developer[/eluser]
I am really upset with session management in CI..
Yesterday in my Local PC I have logged in with My user.. And Today when I start my PC and I have opened my project.. And I found I am already login.
I have already implemented below steps in system/libraris/Session.php
Code:
// Set the session length. If the session expiration is
// set to zero we'll set the expiration two years from now.
if ($this->sess_expiration == 0)
{
$this->sess_expiration = (60*60*24*365*2);
$this->sess_delete_after_browser_close = false;
}
elseif($this->sess_expiration == -1)
{
$this->sess_expiration = 60*60*24;
$this->sess_delete_after_browser_close = true;
}Also Set session Expiration value like below..
$config['sess_expiration'] = -1;
BUT Even though it's not working... WHY?? NOW WHAT I HAVE TO DO??
I need really Tight security in my project and Now I m worrying.. THAT CI is safe for me or not..
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Sbioko[/eluser]
Of course, its better to destroy session. Can you destroy it manually? Using $this->session->sess_destroy(); when you logged out.
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]web_developer[/eluser]
That is not the solution.. If any user has close their browser directly.
OR Suppose accidentally their PC become Power off. Then it should be the destroy the session.
Otherwise anyone can heck the account easily.
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Tom Schlick[/eluser]
You should really read the freakin manual before you go on rants of how much CI session management sucks. And CAPS FOR YOUR TITLE DOESNT MAKE PEOPLE WANT TO HELP YOU MORE.
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Sbioko[/eluser]
In my application all work correctly!
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Sbioko[/eluser]
Quote:CAPS FOR YOUR TITLE DOESNT MAKE PEOPLE WANT TO HELP YOU MORE.Definitely agree with you!
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]web_developer[/eluser]
Below statement will destroy all the session from the system.
$this->session->sess_destroy();
If user click on logout then, I just want to remove only user login related session, completely..
And if user close the browser then completely all session should need to destroy..
I have written in Caps, because it's an Major issue & even it's not mentioned in Session Help
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
can you show me the link where you are telling me to read?
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Sbioko[/eluser]
I think this is not a bug, maybe you did something wrong.
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]Tom Schlick[/eluser]
try looking at this thread
http://ellislab.com/forums/viewthread/109645/
i misunderstood your question because you didn't state that you wanted it to end on browser close. you just said you were logged in when you turned it back on. and NOTHING IS IMPORTANT ENOUGH TO USE ALL CAPS!
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!! - El Forum - 02-12-2010
[eluser]ChiefChirpa[/eluser]
[quote author="web_developer" date="1266003146"]
Also Set session Expiration value like below..
$config['sess_expiration'] = -1;
BUT Even though it's not working...[/quote]
...because your code still sets the cookie to the value of $this->sess_expiration, to get a "proper" session cookie that expires when the browser is closed, you must set the expiration of the cookie to 0.