Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP Sessions

  • 17-04-2011 4:10pm
    #1
    Closed Accounts Posts: 2,696 ✭✭✭


    I have a php session (not using cookies) - When I close my browser window (IE 8) and reopen, the session is still available

    My understanding is that the session should terminate on closing of browser - is this not the case?


Comments

  • Registered Users, Registered Users 2 Posts: 2,089 ✭✭✭henryporter


    Presumably you should be including a statement to close the session as opposed to relying on the browser to do so - not a bad discussion on the topic here: http://www.webmasterworld.com/forum88/1131.htm


  • Closed Accounts Posts: 2,696 ✭✭✭mark renton


    That discussion seems to be on server side management of sessions and

    my query is on client side sessions - i dont see how server side could differentiate between an active session and a non active session if the session is regenerated on client browser each time it is reopened


  • Closed Accounts Posts: 2,696 ✭✭✭mark renton


    Below is what i expected when leaving website - however if i reopen login page the session reverts to previous session



    http://www.w3schools.com/PHP/php_sessions.asp

    A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭damoth


    As far as I know, there are 2 ways sessions get removed from the server.

    1. Manually deleted in your code (e.g. in a logout script). This includes removing the cookie on the client which contains the session id.

    2. By garbage collection after some inactivity period. This can be modified by you using the 'session.gc_maxlifetime' parameter.

    john47832 wrote: »
    However, session information is temporary and will be deleted after the user has left the website.
    ... They don't specify how quickly here.


  • Registered Users, Registered Users 2 Posts: 1,657 ✭✭✭komodosp


    I always thought PHP used cookies to maintain the session info. But the OP says "Not using cookies" so how is the session info being maintained at all?


  • Advertisement
  • Closed Accounts Posts: 7 Dashe


    The only way I can think of the browser matching the session to a previous one after the browser is closed is by cookies.

    If your site drops a cookie with the session_id in it, when the browser reopens and goes to the site it can reestablish its previous session.

    Check and see if there are any cookies from your site?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    komodosp wrote: »
    I always thought PHP used cookies to maintain the session info. But the OP says "Not using cookies" so how is the session info being maintained at all?
    +1 on this. Sessions can't work without cookies or otherwise passing a unique session ID in every URL you request. I take it, it's the cookie way that the server is using.

    I actually don't think it's possible to guarantee. Maybe you could use some AJAX to call a script to destroy the session when the browser is closing. Never tried it though.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    PHP Sessions use...session cookies.

    The browser should discard this cookie when closed. One thing to check is that the actual browser is closed, as opposed to just the window. If you load up your site in one tab or window, and then close it but there are still other IE8 windows open (or an IE process open in the background), then the browser will hold onto your session cookie.

    A handy thing to do while developing is to include a "reset session" link in the footer of your pages. So if you want to start again, you click this link and it brings you back to
    $_SERVER."?resetSession=1"

    You can then stick a piece of code in your header or any includes files to pick up this GET variable and delete any open sessions before starting a new one. Saves you having to close five or six open browser windows to start testing again.


Advertisement