tags:

views:

679

answers:

5
Q: 

How to log out an user in php?

Currently, in my php script, after an user logged in, i stored session_login = 1. But I have a problem. I have a habit in using firefox, multi-tab (i believe most people and all today web browsers app have multi-tab function). I closed the tab that has the session, but I didnt closed the browser. After few hours, I come back on the same page that require me to login, but it doesn't. It does not require me to login again(I think thats called "Session"). Is there anyway to logout the user if he close the tab instead close the browser??

I have 1 solution right now, time-idle kick out. But, I have very limited knowledge in date/time thing in php, so this would be the last option. I wanted to know, is there anything else i can do, beside using time-idle?

+1  A: 

PHP has an easy way to set how long a session will last before it times out:

session_set_cookie_params(3600); // make it expire after 1 hour

Just pass it the number of seconds you want the session to last (in the example, 1 hour = 60 minutes = 3600 seconds).

http://us2.php.net/manual/en/function.session-set-cookie-params.php

Amber  2009-08-03 08:42:47
This method works for current project(solve my problem temporary). But next project i might need to use Richy C answer, because the user may stay on my site for more than 1 hour. Hard to choose best answer. Well, I will choose the best answer based on the "voted"
bbtang  2009-08-03 09:30:32
+1  A: 

A session cookie is only cleared from the browser when the browser session is closed (i.e. when the browser is closed): hence the name. If you want the session to be cleared shortly after the tab is closed you could set a very short expiry time on the cookie (around 5 minutes) and store the same in the database. Then have a javascript function on the web page calling a file from your server every minute: this file then "refreshes" the cookie/database entry for the next five minutes. If they then leave your site for more than five minutes, then the session is invalidated.

You could also add a Javascript "onunload" function which detects if they have closed the webpage or gone to another page: you could add a hook on this to call a "destroycookie" function - however, you'll have to check that they haven't just gone to another page on your site and don't actually have two pages from your site open in two tabs.

Richy C.  2009-08-03 08:42:48
This sounds cool. But unfortunately, I don't know JavaScript.
bbtang  2009-08-03 09:28:47
Oh ya, btw, you mentioned that "calling a file from your server every minute", if I have 1000 or more users on the same time logged in, thats means every minute my server need to response those 1000++ users, am I right? Will it slow down my server performance? Is there a better way?
bbtang  2009-08-03 09:33:26
A combination of http://www.quirksmode.org/js/xmlhttp.html and setInterval ( sendRequest('refresh.php'), 60000 ); to fetch the "refresh.php" every minute (6000 milliseconds) should do the job.
Richy C.  2009-08-03 09:49:29
Yes, it could slow it down if you are having 1,000+ requests every minute: you could change the cookie timeout to 10 minutes and then refresh every 5 minutes or so to reduce any load.
Richy C.  2009-08-03 09:50:21
A: 

I believe the option you are looking for is the setting for the session cookie expiration. I don't remember the PHP command for it, but you should be able to set the cookie to expire when the window closes.

Here is the PHP session documentation: http://us2.php.net/manual/en/book.session.php

CyberSkull  2009-08-03 08:42:50
Thanks for the link, I will definitely go and take a look
bbtang  2009-08-03 09:40:20
A: 

Maybe you could use session_write_close()?

Kunla  2009-08-03 08:45:08
I am totally clueless about session_write_close(). I am a new php coder. I am gonna check this one out. Thanks
bbtang  2009-08-03 09:40:59
A: 

There's a comment on the PHP documentation for the session_destroy function that might be useful to you: http://us2.php.net/manual/en/function.session-destroy.php#71889

Joe Sergeant  2009-08-03 09:40:02
I normally use the session_destroy only on logout page. Um, well, let me think about, I believe it might be useful in some way and probably could solved my problem.. Focus, focus, focus.. think, think, think....
bbtang  2009-08-03 09:47:27

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases