Write For Us
php
session

Destroy or unset session when user close the browser without clicking on logout

Viewed   154 times

Possible Duplicate:
How do I expire a PHP session after 30 minutes?

I am destroying all session var in logout.php and calling it when user click on logout, what is user does not click on logout.php but directly close the browser. how can i delete session then???

 Answers

1

You can set an expiration time for the session data, test it with each session_start call and destroy the session if it’s expired:

session_start();
if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) {
    session_destroy();
    $_SESSION = array();
}
$_SESSION['EXPIRES'] = time() + 3600;
Tuesday, September 27, 2022
 
maxime_vast-d268b6d0ee6e
 
maxime_vast-d268b6d0ee6e
4

You can't detect when a user closes the browser or types in a new address. You basically need to have a "timeout" facility like the rest of the websites have.

Tuesday, December 27, 2022
 
brown
 
brown
4

You could set a cron job on the server to check for stale sessions But this is not a great solution since you have to deploy another solution (cron job) with your project. The way I would do it is have a check_credentials.php file included in your project that runs right after your DB connection, you will then add two fields in your users table for your projects users called: session_id AND last_checkin. The process will work like so:

Login:

  1. A session is created and a session_id can be retrieved from PHP on first hit (not logged in yet)
  2. If the user authenticates save the session_id to DB with current timestamp as last_checkin

Then you can have all the users do stale session checks at every page request:

Page Query:

  1. Delete session_id's from all users where last_checkin is older than 10min.
  2. Check if my current session_id = db.session_id
  3. If session don't match log out and send user to login.php
  4. if session_id's match then update last_checkin
Sunday, December 11, 2022
 
________robin_robinson ________
 
________robin_robinson ________
1

You can modify another users session (see below), although personally, I would recommend against it. As I imagine it can open up a whole world of session hijacking and other vulnerabilities.

With your example use case

A common user is logged, while in the same time an administrator uses the Admin functions and change some value for this user. If the value is not something obtained from the database every time, the session variable for that current logged in user need to have its value changed.

You would be better of updating the value in the database and then just checking to see if it's changed before you process the next page. If you don't want to be checking multiple user fields before each page load then when you update the user in the admin panel, you can build a hash of the values and add it to a new column called session_hash. Then just compare this field on page load

But if you still want to modify another user's session, you can set your current session_id to the targets.

// End my current session and save its id
session_start();
$my_session_id = session_id();
session_write_close();

// Modify our target session 
session_id($target_id);
session_start();
$_SESSION['is_logged_in'] = false;
session_write_close();

// Start our old session again
session_id($my_session_id);
session_start();

EDIT

Example: https://www.samdjames.uk/session_example/index.php

Example Src: https://gist.github.com/SamJUK/c220e3742487567c6262238edf85695e

Monday, December 5, 2022
 
miniwark
 
miniwark
5

Instead of setting the time in ini to a fixed length, remind that session timeout is reset on reload. So create some ajax code that does a request every 5 minutes or so to a file (image or smth). This way the timer is reset every 5 minutes and users can spend a day filling out your forms.

Saturday, November 5, 2022
 
nanobash
 
nanobash
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
session
 
Share
Related Answers
82
 What do I need to store in the php session when user logged in?
40
 remove information from mysql table when user close his Browser
117
 PHP Codeigniter is showing the cache when i press the back button after I logout
48
 How to handle user online status when he/she close the browser?
82
 Invalidate login in Laravel when user leaves the page
130
 Auto Logout when user leaves the application without doing logout action
175
 Destroy a PHP session on clicking a link
57
 Anyway to detect whether user close the browser using php?
54
 How to unset a specific php session on logout
59
 KILL MySQL queries using PHP if user close the browser or navigate from one page to other page
Top Answers Related To

php,session

51
 Truly destroying a PHP Session?
112
 Maximum size of a PHP session
180
 PHP session IDs — how are they generated?
158
 PHP session seemingly not working
141
 How do check if a PHP session is empty?
84
 Same domain, different folder PHP session
485
 PHP Session not Saving
77
 Multidimensional array in php SESSION
69
 Has anyone created a PHP Session-like class in user code (not native)?
523
 PHP session not saved after curl call
Write For Us · Blog · Privacy · Faqs · Terms of Use · Contact us ·