RICK: Any solution yet, to get session expired on browser close?
[eluser]mindprojects[/eluser]
I'm using CI, and my client now asked me to destroy the session, for security reasons, on browser close. I have read a lot of posts, but no one is giving a good and definitive answer. I tried to play with config parameters with no luck at all!!! Thanks
[eluser]i_like_ponies[/eluser]
Don't think you can do that out of the box with CI. You'd have to override the Session library as you can see from the code below.
Code: if ($this->sess_expiration == 0)
From the PHP manual:
Code: bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
So if you override that setcookie command you make it so it would expire the cookie at the end of the browser session (at least supposedly based on documentation).
[eluser]drewbee[/eluser]
Exactly. You will need to extend the session class. I think it's kind of weird that it assumes we want it set for a set amount of time. Personally, for me, I've changed around the session class so much that you wouldn't even recognize the original CI Library. Thanks for pointing this out, it will be something I will be doing really soon. I didn't like the fact that it made the assumption, and it was removed as i_like_ponies pointed out above. Alas, it is easiest just to make a config option and go with that, so we don't mess with the session class too much. I am setting a configuration option that, when TRUE, will follow CodeIgniter's current setup. We want to set a non-persistent cookie if we want it to expire at browser close.
In your config file add a new configuration option:
Code: $config['sess_persistant_cookie'] = TRUE;
Update the base constructor to load the configuration value and set a default. In your extended session library variable initialization, find:
Code: var $sess_expiration = 7200;
Replace with:
Code: var $sess_expiration = 7200;
In the constructor, find:
Code: // Set all the session preferences, which can either be set
Replace with:
Code: // Set all the session preferences, which can either be set
Now in the function _set_cookie find:
Code: function _set_cookie($cookie_data = NULL) {
Replace with:
Code: function _set_cookie($cookie_data = NULL) {
Simply set your new configuration option to FALSE to have it expire at session close. Enjoy. I just implemented this in my code base and it works like a charm. If the configuration option is set to TRUE all works as normal.
[eluser]mindprojects[/eluser]
Thanks guys, it works like a charm... It was pretty new to me that setting the cookie expiration time to zero would make a cookie expire on browser close. I've created a library called MY_SESSION inside my application folder. It's perfect! Thanks a lot, I like when people are sharing such knowledge. Marco
[eluser]mindprojects[/eluser]
Why are they, from EllisLab, not integrating such a config parameter? It's so easy and useful...
[eluser]drewbee[/eluser]
Politics is one of the best answers to that. IMO a lot of the classes are almost where they need to be, and just need slight modifications to help them fit a good portion of needs. For instance, the upload class I think needs to have the ability to overwrite a file if it already exists instead of renaming it to another file name (but as a configuration option). CI is growing and continuing to become an even better system. One of the biggest things right now is I think most of the EllisLab folks are completely wrapped up with EE at the moment. CI is simply on the back burner it seems.
[eluser]littleram[/eluser]
Hey guys, thanks for all the info here. I incorporated the sess_persistent_cookie config variable and then realised that I needed a way of overriding it for individual sessions. The rationale being that I want users who are logging in to be able to tick a "Remember me?" checkbox. Ticking the box should cause the cookie to be persisted across browser sessions. Not ticking it should cause the cookie to expire when the browser closes. So I added a value called persistent_cookie which gets stored in the cookie itself. I also added a method, sess_persistent_cookie, to be able to override this value at any point during execution. I've attached my MY_Session class with this change as well as a fix for serializing Objects (see http://ellislab.com/forums/viewthread/95690/). Enjoy.
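The expire-at-close option and the per-login "Remember me" override from the posts above, as an added example that is not part of the thread, of any poster's MY_Session.php, or of CodeIgniter. The function names, the server-side session record and its fields, and the sample values are assumptions; the server-side check is there because a browser that restores its previous session can keep session cookies after a restart.

```php
<?php
// Added example. Function names and the session-record layout are hypothetical;
// this is not CodeIgniter's Session library or any poster's MY_Session.php.

// "expire" argument for setcookie(): 0 makes a session cookie that the browser
// drops on close; a future timestamp makes the cookie persistent.
function cookie_expire($persistent, $lifetime, $now)
{
    return $persistent ? $now + $lifetime : 0;
}

// Server-side lifetime check. A browser set to restore its previous session can
// keep "session" cookies after a restart, so expire=0 alone is not enforcement.
function session_is_valid(array $record, $lifetime, $idle_limit, $now)
{
    if (!isset($record['last_activity'])) {
        return false;
    }
    $limit = empty($record['persistent_cookie']) ? $idle_limit : $lifetime;
    return ($now - $record['last_activity']) <= $limit;
}

// Send the cookie for a session record; call before any output is sent.
function send_session_cookie($name, array $record, $lifetime, $now)
{
    $expire = cookie_expire(!empty($record['persistent_cookie']), $lifetime, $now);
    // Last two arguments: secure (HTTPS only) and httponly (hidden from scripts).
    return setcookie($name, $record['id'], $expire, '/', '', true, true);
}

// Constructed sample data: one login without "Remember me", one with it.
$now      = 1700000000;
$lifetime = 604800;   // one week for remembered logins
$idle     = 7200;     // idle limit for browser-session logins
$plain    = array('id' => 'sample-id-1', 'persistent_cookie' => false,
                  'last_activity' => $now - 10000);
$remember = array('id' => 'sample-id-2', 'persistent_cookie' => true,
                  'last_activity' => $now - 10000);

var_dump(cookie_expire(false, $lifetime, $now));
var_dump(cookie_expire(true, $lifetime, $now));
var_dump(session_is_valid($plain, $lifetime, $idle, $now));
var_dump(session_is_valid($remember, $lifetime, $idle, $now));
```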
[eluser]nuwanda[/eluser]
This was bugging me, too, then I found this thread. But I suspected there had to be an easier solution. I think there is. The CI cookie helper allows you to set a cookie with duration 0, which kills the cookie when the browser closes. This acts as a true session indicator. Why not simply create a cookie with duration=0 to kill the session, or duration=required_time_in_secs for a remember me option? You check for the presence of the cookie next time to see if the user needs to be logged in based upon the data in the regular CI session cookie.
[eluser]nottRobin[/eluser]
Thanks for all your help above. I've implemented my own solution to this from the code above, and it's pretty simple.
The Simplest Solution!
Just download my attached MY_Session.php file and place it in
Code: system/application/libraries
Code: ['sess_persistant_cookie'] = FALSE;
That's it!
-----------------------
Or if you already have a MY_Session.php file, you can edit it accordingly. Here's the contents of MY_Session:
Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
[eluser]jordan314[/eluser]
Thanks to littleram for the "remember me" solution. I set my $config['sess_expiration'] to 604800 so that if remember me is checked it will remain open a week, but if it's not checked it will expire on browser exit. Thanks!