views:

679

answers:

5

Currently, in my php script, after an user logged in, i stored session_login = 1. But I have a problem. I have a habit in using firefox, multi-tab (i believe most people and all today web browsers app have multi-tab function). I closed the tab that has the session, but I didnt closed the browser. After few hours, I come back on the same page that require me to login, but it doesn't. It does not require me to login again(I think thats called "Session"). Is there anyway to logout the user if he close the tab instead close the browser??

I have 1 solution right now, time-idle kick out. But, I have very limited knowledge in date/time thing in php, so this would be the last option. I wanted to know, is there anything else i can do, beside using time-idle?

+1  A: 

PHP has an easy way to set how long a session will last before it times out:

session_set_cookie_params(3600); // make it expire after 1 hour

Just pass it the number of seconds you want the session to last (in the example, 1 hour = 60 minutes = 3600 seconds).

http://us2.php.net/manual/en/function.session-set-cookie-params.php

Amber
This method works for current project(solve my problem temporary). But next project i might need to use Richy C answer, because the user may stay on my site for more than 1 hour. Hard to choose best answer. Well, I will choose the best answer based on the "voted"
bbtang
+1  A: 

A session cookie is only cleared from the browser when the browser session is closed (i.e. when the browser is closed): hence the name. If you want the session to be cleared shortly after the tab is closed you could set a very short expiry time on the cookie (around 5 minutes) and store the same in the database. Then have a javascript function on the web page calling a file from your server every minute: this file then "refreshes" the cookie/database entry for the next five minutes. If they then leave your site for more than five minutes, then the session is invalidated.

You could also add a Javascript "onunload" function which detects if they have closed the webpage or gone to another page: you could add a hook on this to call a "destroycookie" function - however, you'll have to check that they haven't just gone to another page on your site and don't actually have two pages from your site open in two tabs.

Richy C.
This sounds cool. But unfortunately, I don't know JavaScript.
bbtang
Oh ya, btw, you mentioned that "calling a file from your server every minute", if I have 1000 or more users on the same time logged in, thats means every minute my server need to response those 1000++ users, am I right? Will it slow down my server performance? Is there a better way?
bbtang
A combination of http://www.quirksmode.org/js/xmlhttp.html and setInterval ( sendRequest('refresh.php'), 60000 ); to fetch the "refresh.php" every minute (6000 milliseconds) should do the job.
Richy C.
Yes, it could slow it down if you are having 1,000+ requests every minute: you could change the cookie timeout to 10 minutes and then refresh every 5 minutes or so to reduce any load.
Richy C.
A: 

I believe the option you are looking for is the setting for the session cookie expiration. I don't remember the PHP command for it, but you should be able to set the cookie to expire when the window closes.

Here is the PHP session documentation: http://us2.php.net/manual/en/book.session.php

CyberSkull
Thanks for the link, I will definitely go and take a look
bbtang
A: 

Maybe you could use session_write_close()?

Kunla
I am totally clueless about session_write_close(). I am a new php coder. I am gonna check this one out. Thanks
bbtang
A: 

There's a comment on the PHP documentation for the session_destroy function that might be useful to you: http://us2.php.net/manual/en/function.session-destroy.php#71889

Joe Sergeant
I normally use the session_destroy only on logout page. Um, well, let me think about, I believe it might be useful in some way and probably could solved my problem.. Focus, focus, focus.. think, think, think....
bbtang