Destroy session when the web browser is closed, its possible? |
[eluser]Unknown[/eluser]
Hello, i'm working with CodeIgniter sessions, i would like to destroy the session when the user close the web browser or when the user left the web site, how it is possible?
[eluser]Mirage[/eluser]
Setting sess_expiration to '0' should destroy the session when the browser is closed. Monitoring when a user leaves your website isn't really possible. There a tricks and hacks for that sort of thing that work with varying degrees of reliability usually involving javascript, but none of them have anything to do with the session. Cheers -m
[eluser]Rick Jolly[/eluser]
Actually, setting the expiration to "0" will cause the session to continue indefinitely. See here for a hack: http://ellislab.com/forums/viewthread/70036/. Alternatively, you could use php native sessions, or the CI-like Native Session Library in the wiki. NGSession also supports this and there may be other contributions.
[eluser]Mirage[/eluser]
Really? Wow - I stand correct then. It's been a while since I used the CI built-in session. I always though the sess_expiration controls the lifttime of the cookie. Guess I was wrong.... Sorry for the confusion... Cheers -m
[eluser]beemr[/eluser]
I think since about 1.6, CI sessions have a session regeneration feature that should solve your concerns. By default, the sessions are regenerated every 5 minutes, but of course, you can customize that setting. If a user closes his browser, the session will not get regenerated at the next interval and will become invalid. Derek Allard posted a nice write-up about it at his blog.
[eluser]Rick Jolly[/eluser]
[quote author="beemr" date="1221356998"]I think since about 1.6, CI sessions have a session regeneration feature that should solve your concerns. By default, the sessions are regenerated every 5 minutes, but of course, you can customize that setting. If a user closes his browser, the session will not get regenerated at the next interval and will become invalid. Derek Allard posted a nice write-up about it at his blog.[/quote] I think that just regenerates (changes) the session id in the cookie to guard against session fixation. Nothing to do with dropping the session.
[eluser]beemr[/eluser]
Wouldn't a stale session effectively give the OP the same results as a destroyed session? |
Welcome Guest, Not a member yet? Register Sign In |