• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session doesn't end when browser window is closed

#1
I am building an application that involves a registration form. If I log in, start to fill out the registration form and submit, I get the validation errors that I would expect. But if I then close the browser window, and then go back to the application, I get the login screen but with the previous validation error messages still showing above the login form, and I get the navigation tabs that belonged to the logged in user, including a logout tab.

Why is the session not ending when the browser window is closed?
Reply

#2
A session cookie is dropped by the browser based on how you set it's expires / max-age value.
In CodeIgniter this is set using $config['sess_expiration'] in the config.php file.

From the config.php file.
| 'sess_expiration'
|
| The number of SECONDS you want the session to last.
| Setting to 0 (zero) means expire when the browser is closed.

Therefore unless you manually "dump" the session it will be valid until the expiration at which time the browser will delete the cookie.

Since HTTP is stateless you actually have no idea if a user has "left" your web site (unless your doing some kind of ajax hacks or something).

https://en.wikipedia.org/wiki/Stateless_protocol

Don Myers
Reply

#3
Oh ya one other thing make sure you are setting your validation messages using CodeIgniter Session Flash Data
http://www.codeigniter.com/user_guide/li...#flashdata

If you are seeing your validation message(s) every time you view the page (if I read that right) then it sounds like your are using CodeIgniter userdata sessions

"CodeIgniter supports “flashdata”, or session data that will only be available for the next request, and is then automatically cleared."

Don Myers
Reply

#4
Sorry I took so long to respond - I got hung up in a bunch of work.

I do use flash_data for all my validation error messages.

However, I checked my config.php file and I had changed $config['sess_expiration'] to 0 early in the process to solve a different issue (I even forget what that issue was). Obviously 7200 was too short then - what would be a reasonable length of time before the session expires automatically, and then I guess I should figure out where I want to manually kill the session as well.
Reply

#5
7200 is two hours. For something that absolutely has to stay longer, you can set cookie data separately with a different expiration time, but you should probably be using a different storage mechanism than the session or cookie for longer-term data.

Realistically, you shouldn't even need flash data for the validation messages unless you're redirecting to display the form with the error messages. If you just load the view when the validation fails and populate the error messages, the data doesn't need to be persisted in the session, even for one request. (If you are populating the flash data and loading the view rather than redirecting, this may be the reason your validation messages are returning, depending on how you actually retrieve/display the messages.)
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.