Session not being destroyed upon the browser closure

[eluser]Unknown[/eluser]
Hello,

My CI app is keeping the sessions even after I close the browser and restart it. Why is that?

Thanks.

[eluser]überfuzz[/eluser]
You're not giving away much to correct here are you? Is there any code corresponding to the problem you're facing?

Try this:

Code:

$this->session->sess_destroy();

[eluser]WanWizard[/eluser]
The current CI session library doesn't support the option at the moment.

Normally you would use a session timeout value of zero, which on the session cookie means 'valid until the browser closes'.

However, the CI session library says:

Code:

// Set the session length. If the session expiration is
// set to zero we'll set the expiration two years from now.
if ($this->sess_expiration == 0)
{
    $this->sess_expiration = (60*60*24*365*2);
}

I solved this by adding this bit of code to my MY_Session library (create it if you don't have one):

Code:

// call the parent constructor
parent::CI_Session();

// reset the session expiration to zero here, to work around the CI
// assumption that a zero value means '2 years', instead of 'end of session'!
$this->sess_expiration = 0;

[eluser]Refringe[/eluser]
@WanWizard: Could you please elaborate on how to create your "MY_Session" library?

I've created the file:
application/libraries/MY_Session.php

MY_Session.php contents:

Code:

class MY_Session extends CI_Session {
    function MY_Session()
    {
        parent::CI_Session();
        $this->sess_expiration = 0;
    }
}

Then to load MY_Session I add it to the autoload array in:
application/config/config.php

Code:

$autoload['libraries'] = array('session', 'my_session');

Is this correct?

[eluser]Refringe[/eluser]
That can't be right. It's setting two sessions for every one visit.

[eluser]Colin Williams[/eluser]
You don't need to autoload MY_Session. CI will include and instantiate it automatically

[eluser]Refringe[/eluser]
Great! It's working now.

What I've ended up doing is changing WanWizard's code so the $config['sess_expiration'] variable can still be used, however if the value is set to "0" then it's kept that way. A little more extendable that way, I think.

Code:

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
    
    /*
    ** MY_Session Class
    **
    ** Extends the core CI_Session, giving default session behaviour;
    ** when the browser closes, the sessions are destroyed.
    */
    class MY_Session extends CI_Session {
        
        function MY_Session()
        {
            parent::CI_Session();
        }
        
        function _set_cookie($cookie_data = NULL)
        {
            if (is_null($cookie_data))
            {
                $cookie_data = $this->userdata;
            }
            $cookie_data = $this->_serialize($cookie_data);
            if ($this->sess_encrypt_cookie == TRUE)
            {
                $cookie_data = $this->CI->encrypt->encode($cookie_data);
            }
            else
            {
                $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
            }
            
            /*
            ** The only time $this->sess_expiration will be equal to this value is when
            ** $config['sess_expiration'] is set to "0". We're just making sure it
            ** stays this way.
            */
            if ($this->sess_expiration == 63072000)
            {
                $this->sess_expiration = 0;
            }
            else
            {
                $this->sess_expiration = $this->sess_expiration + time();
            }
            setcookie($this->sess_cookie_name, $cookie_data, $this->sess_expiration, $this->cookie_path, $this->cookie_domain, 0);
        }
    }
    
?>

Thanks for your help.