RE: [Phplib-users] killing sessions when closing browser
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] killing sessions when closing browser
|
From: Robert H. <rm...@le...> - 2003-07-15 17:49:12
|
What not spawn a popup window using the onclose event to request a logout or even just do the logout? -----Original Message----- From: php...@li... [mailto:php...@li...]On Behalf Of Layne Weathers Sent: Tuesday, July 15, 2003 9:42 AM To: Daniel Bondurant Cc: Php...@li... Subject: Re: [Phplib-users] killing sessions when closing browser > After I upgraded to phplib 7.4-pre2, and can't seem to get sessions to > be destroyed when a browser is closed and then reopened. Before the > user would have to log in again, now they are still logged in. Sessions have never worked that way. You were mistaken concerning the previous behavior. The only way to tie sessions to a particular browser window is to use GET instead of a session cookie (I do not recommend this). If you actually quit the browser and launch it again you will have destroyed the session cookie and will be forced to login again. There are two ways in which it could appear that closing and opening a new browser window destroys the session cookie. First, Windows IE can run as multiple processes. If you login to a page, close the window and open a window in a new process, you have a new browser memory with new session cookies - you will have to login. Second, if you allow your auth to expire by inactivity, close the browser window and open another window, you will be forced to login again. Both may initially appear to tie sessions to windows, but they do not. They both work the same in 7.4-pre2 as in previous versions of PHPLib. > How do I force the login when the browser is closed and then re-opened. Use GET (I do not recommend this). I suggest you forget about it. As long as you have auth set to expire at a reasonable time, and encourage your users to logout instead of closing the browser window, you should be just fine. Layne Weathers P.S. It occurs to me that you could spawn a pop-under window with javascript that periodically checks to see that the main window is still open. If the main window is not open, the pop-under could load the logout page. There is nothing to prevent the user from closing the pop-under before closing the main window. This kind of "solution" does not work for all users and, IMHO, is rarely worth the effort. ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
