Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!!
IN CI SESSION IS NOT DESTROYING.. EVEN ON BROWSER CLOSED !!!!!!!!
  • El Forum
    Guest
  •  
#1
02-12-2010, 07:32 AM

[eluser]web_developer[/eluser]
I am really upset with session management in CI..

Yesterday in my Local PC I have logged in with My user.. And Today when I start my PC and I have opened my project.. And I found I am already login.

I have already implemented below steps in system/libraris/Session.php

Code:
// Set the session length. If the session expiration is
        // set to zero we'll set the expiration two years from now.
        if ($this->sess_expiration == 0)
        {
            $this->sess_expiration = (60*60*24*365*2);
            $this->sess_delete_after_browser_close = false;
        }
        elseif($this->sess_expiration == -1)
        {
            $this->sess_expiration = 60*60*24;
            $this->sess_delete_after_browser_close = true;
        }

Also Set session Expiration value like below..
$config['sess_expiration'] = -1;

BUT Even though it's not working... WHY?? NOW WHAT I HAVE TO DO??
I need really Tight security in my project and Now I m worrying.. THAT CI is safe for me or not..
  • El Forum
    Guest
  •  
#2
02-12-2010, 08:37 AM

[eluser]Sbioko[/eluser]
Of course, its better to destroy session. Can you destroy it manually? Using $this->session->sess_destroy(); when you logged out.
  • El Forum
    Guest
  •  
#3
02-12-2010, 08:47 AM

[eluser]web_developer[/eluser]
That is not the solution.. If any user has close their browser directly.
OR Suppose accidentally their PC become Power off. Then it should be the destroy the session.
Otherwise anyone can heck the account easily.
  • El Forum
    Guest
  •  
#4
02-12-2010, 08:49 AM

[eluser]Tom Schlick[/eluser]
You should really read the freakin manual before you go on rants of how much CI session management sucks. And CAPS FOR YOUR TITLE DOESNT MAKE PEOPLE WANT TO HELP YOU MORE.
  • El Forum
    Guest
  •  
#5
02-12-2010, 08:51 AM

[eluser]Sbioko[/eluser]
In my application all work correctly!
  • El Forum
    Guest
  •  
#6
02-12-2010, 08:51 AM

[eluser]Sbioko[/eluser]
Quote:CAPS FOR YOUR TITLE DOESNT MAKE PEOPLE WANT TO HELP YOU MORE.
Definitely agree with you!
  • El Forum
    Guest
  •  
#7
02-12-2010, 08:57 AM

[eluser]web_developer[/eluser]
Below statement will destroy all the session from the system.

$this->session->sess_destroy();

If user click on logout then, I just want to remove only user login related session, completely..
And if user close the browser then completely all session should need to destroy..

I have written in Caps, because it's an Major issue & even it's not mentioned in Session Help

http://ellislab.com/codeigniter/user-gui...sions.html

can you show me the link where you are telling me to read?
  • El Forum
    Guest
  •  
#8
02-12-2010, 09:04 AM

[eluser]Sbioko[/eluser]
I think this is not a bug, maybe you did something wrong.
  • El Forum
    Guest
  •  
#9
02-12-2010, 09:09 AM

[eluser]Tom Schlick[/eluser]
try looking at this thread

http://ellislab.com/forums/viewthread/109645/

i misunderstood your question because you didn't state that you wanted it to end on browser close. you just said you were logged in when you turned it back on. and NOTHING IS IMPORTANT ENOUGH TO USE ALL CAPS!
  • El Forum
    Guest
  •  
#10
02-12-2010, 09:28 AM

[eluser]ChiefChirpa[/eluser]
[quote author="web_developer" date="1266003146"]
Also Set session Expiration value like below..
$config['sess_expiration'] = -1;

BUT Even though it's not working...[/quote]

...because your code still sets the cookie to the value of $this->sess_expiration, to get a "proper" session cookie that expires when the browser is closed, you must set the expiration of the cookie to 0.




Theme © iAndrew 2016 - Forum software by © MyBB