Welcome Guest, Not a member yet? Register   Sign In
Destroy Session on Browser Close
#1

[eluser]neofactor[/eluser]
I have looked at lots of conversation on this topic.. but have not found a definitive answer on it.

I use a session to track if a user is logged in. (not in a database)
I would like to know exactly how to have this session destroyed when the user closes the browser / quits the browser.

It seems like something that should be trivial to resolve, but I have yet to get a working solution.


I appreciate all help and insights on this topic.
#2

[eluser]neofactor[/eluser]
I think I have the answer....

Change system/libraris/Session.php Line ~87

before:
Code:
// Set the session length. If the session expiration is
        // set to zero we'll set the expiration two years from now.
        if ($this->sess_expiration == 0)
        {
            $this->sess_expiration = (60*60*24*365*2);
        }

after:
Code:
// Set the session length. If the session expiration is
        // set to zero we'll set the expiration two years from now.
        if ($this->sess_expiration == 0)
        {
            $this->sess_expiration = (60*60*24*365*2);
            $this->sess_delete_after_browser_close = false;
        }
        elseif($this->sess_expiration == -1)
        {
            $this->sess_expiration = 60*60*24;
            $this->sess_delete_after_browser_close = true;
        }


The in the Application/Config/config.php
Change to:
Code:
$config['sess_expiration']         = -1;



Then re-initiate your session by logging out and recreating a session.
Closing browser shows the session is destroyed.



Questions I have...
Does this mean that my session is open FOREVER, until the browser is closed/quit?
No more timeout?
Why is this not a direct option in core CI version?


I appreciate any thoughts on this topic.
#3

[eluser]aryan_[/eluser]
I agree with you. CI must implement this.

Thanks for your suggestion.
#4

[eluser]aryan_[/eluser]
I did this but, it doesn't work.

CI guys, please help.
#5

[eluser]InsiteFX[/eluser]
Sessions are stored on the server unless you use the session database. It will not expire until the session time limit is up. One way to deal with this is to regenerate the session_id when a user logout and logins.

If you use CI session database just unset the session variables.

Enjoy
InsiteFX
#6

[eluser]neofactor[/eluser]
But that is my point...

Most people close a browser instead of logging out.
Typical websites do it right... a session times out after a set period of time... and if you close your browser, your session is dead.

CI needs a hack to kill a session on browser close, and if you do that... there is no time out. It is one or the other... which seems strange.
#7

[eluser]skunkbad[/eluser]
[quote author="neofactor" date="1254718539"]But that is my point...

Most people close a browser instead of logging out.
Typical websites do it right... a session times out after a set period of time... and if you close your browser, your session is dead.

CI needs a hack to kill a session on browser close, and if you do that... there is no time out. It is one or the other... which seems strange.[/quote]

This is one reason to use the standard php $_SESSION. I do like the CI flash sessions, but find myself using $_SESSION quite a bit. What's wrong with $_SESSION anyway? I think a framework is supposed to make life easier, not harder, and there's nothing particularly hard about using $_SESSION.
#8

[eluser]neofactor[/eluser]
I will try this to avoid using CI's sessions and leverage native php session: http://codeigniter.com/wiki/Native_session/

I think $_SESSION is far more secure since CI 'sessions' are simply cookies stored client side which is a poor security model.




Theme © iAndrew 2016 - Forum software by © MyBB