Welcome Guest, Not a member yet? Register   Sign In
Session does not expire? why?
#1

[eluser]mindprojects[/eluser]
Hi to all!,
my web applicaiton is running on CI 1.6.3.
This is my session config:

Code:
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 0;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'bk.ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']         = 5;

Following the idea that,if i'm closing and opening the browser in a range of time more than 5 seconds(sess_time_to_update),session should expire,shouldn't?
It doesn't happen,everytime i'm getting session data always on. Why?

Thanks in advance.
#2

[eluser]sensimevanidus[/eluser]
When you open your browser and visit a site that attempts to start a new session, the server assigns you a new session id. When you close your browser, your current session ends and session cookies are automatically deleted; so is your session id. If you read "Session Class" part of CodeIgniter's user guide; you'll see that:
sess_time_to_update: This options controls how often the session class will regenerate itself and create a new session id. This has nothing to do with opening or closing the browser. Normally, one session is referenced by only one session id; but using CodeIgniter's session class, you can have different session ids for a session over time. Say your session was started 9 mins ago and "sess_time_to_update" is configured to 5 mins. In this situation, you'll not be using the session id that was created during your session's initialization. Instead, you'll be using the one that was re-created for your session 4 mins ago. Hope that was clear.
And also, the guide says that:
sess_expiration: The number of seconds you would like the session to last. The default value is 2 hours (7200 seconds). If you would like a non-expiring session set the value to zero: 0. Your "sess_expiration" is set to 0; so your session won't expire unless you close your browser.
#3

[eluser]mindprojects[/eluser]
Ok,but i was a little bit confused by this:
http://bleakview.orgfree.com/obsession/
and i was thinking he was talking about CI sessions....probably was the template...ARGHH!!!

So how to make a session expire on browser close,and make users to login again?

Thanks.
#4

[eluser]sensimevanidus[/eluser]
Are you using cookies(not session cookies of course)?
#5

[eluser]mindprojects[/eluser]
Yes for multilanguage support! Could it be the problem? i'm going to check it now,i'll let you know.
#6

[eluser]sensimevanidus[/eluser]
Maybe you're using something like "Remember me" feature found everywhere?
#7

[eluser]mindprojects[/eluser]
No no,it could be the multilanguage cookie....tomorrow i'll see..keep in touch.
#8

[eluser]mindprojects[/eluser]
Notihing to do,it wasn't the language cookie.
Are you sure tha closing the browser window session is going to expire?
#9

[eluser]mindprojects[/eluser]
All right this is the solution:

Session won't expire on browser exit,session will espire only after $config['sess_expiration'] time is expired from last login.
The value of 0 means no expiration!.

Now this is the problem:
i have a site and people access the web app from public places.So i need to avoid that if a user is going to close his browser session data keep living in session for the next user.
The solution,i think,is deleting the session on browser exit,isn't it?
How to do that?




Theme © iAndrew 2016 - Forum software by © MyBB