How do you properly close a PHP session before closing the browser?

Say the user closes your site (tab or browser) and you want the session to be destroyed because you don't want an active session when the user turns their browser back on and goes to your page. How do you detect them leaving your site to close the active session?
19 Replies
ZomaTheMasterOfDisaster
All I was able to find is using JS with the beforeUnloadEvent, but I'm not sure how to use it with PHP.
Jochem•2mo ago
You don't. You set the session cookie to expire at the end of the browser session. If you really, really want to do that explicitly, you can use beforeUnloadEvent to do a call to an API endpoint to invalidate the current session, but there's no guarantee that'll work 100% of the time.
ZomaTheMasterOfDisaster
How do you check the end of a browser session?
Jochem•2mo ago
You don't, you set the cookie to expire at the end of the session. The browser does that for you then.
ZomaTheMasterOfDisaster
Mostly I'm doing this because my $_SESSION is still active after closing unless I log out. I have the session start very early on the page.
Jochem•2mo ago
Define "active". There's no code running anywhere once the request's finished.
ZomaTheMasterOfDisaster
When I tried starting it upon successful login, when you go to the login page again by URL it doesn't automatically redirect you unless the session_start is very early in the code, basically creating a re-authentication loop. Starting it here does fix that:
<?php
include('../helpers/validateForms.php');
include('../controller/usercontroller.php');

$validator = new Validate;
$userControl = new UserController;
$res = "";
session_start();
Jochem•2mo ago
You start the session on every page load because you have to start it to access the data inside. That "start" expires with every page load too: once the request is finished the "start" is discarded, and the session data is stored on disk in temporary storage.
ZomaTheMasterOfDisaster
Hmm, so what I did is OK? I just don't want the user to be able to access the login page again if already logged in.
Jochem•2mo ago
Why? Just overwrite the login session if they log in again.
ZomaTheMasterOfDisaster
Before, I had session_start() in the $_POST['submit'] upon successful login, but then it just made the user have to re-sign in every time when they boot up the site, even if they didn't close the browser.
// Start a token
if (!isset($_SESSION['token'])) {
    // random_bytes() is a CSPRNG; md5(uniqid(mt_rand(), true)) is guessable
    $_SESSION['token'] = bin2hex(random_bytes(32));
}

// check if the user is already logged in.
if (isset($_SESSION['loggedIntoMDSite']) && isset($_SESSION['username'])) {
    header("Location: userpage.php");
    exit;
}

// check if the user has a cookie saved
if (isset($_COOKIE['rememberme'])) {

    $pastUser = $userControl->find_User_By_Cookie($_COOKIE['rememberme']);
    if ($pastUser == false) {
        $res = "Cannot login by remember password. Must login again";
    } else {
        // hash_equals() compares the stored and presented values in constant time
        if (hash_equals((string) $pastUser['cookie'], (string) $_COOKIE['rememberme'])) {
            $res = "Automatic login. Going to user page";
            header("Location: userpage.php");
            exit;
        } else {
            $res = "Cannot log in. Please resign in";
        }
    }
}
kinda difficult to test the cookie login 😄
Jochem•2mo ago
usually session_start is one of the first things you do, but on the login page you sometimes have to delay it so that you can set the session cookie's lifetime appropriately
ZomaTheMasterOfDisaster
how do you delay it? just move it to where I had it before?
Jochem•2mo ago
just put the call lower in the script once you have enough information to set it long or short
ZomaTheMasterOfDisaster
ah maybe below all those sessions and cookie check
Jochem•2mo ago
No, you have to call session_start before you can use $_SESSION. We went over this in your last thread, right?
ZomaTheMasterOfDisaster
oh
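if (isset($_POST['submit'])) {

    if (isset($_COOKIE[session_name()])) {
        // expire the session cookie in the browser
        setcookie(session_name(), '', time() - 3600, '/');
    }

    // clear all session data ("$_SESSION[] = array()" would append an empty element instead)
    $_SESSION = array();
    session_destroy();
    header("Location: ../view/login.php");
    exit;
}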
Is there a reason that when you hit logout the page doesn't change over? Like, you can't log out. I'll have to go back and check, I haven't looked at this project in a week.
Jochem•2mo ago
I think, maybe, the setcookie call sends the headers? Check your error log. And looking at that location, I think you're putting the path to the file relative to the current file? The Location header is interpreted by the browser, so it should be the path (absolute or relative) that goes in the URL bar. Could still be correct, but ../view/login.php makes me think that might not be correct.
ZomaTheMasterOfDisaster
Oddly, it was working before I did the cookie stuff. Yeah, I changed that back to login.php since they're in the same directory. Trying to find the error_log now. Well, I goofed it up: I have error_log with no value but log_errors is set to on. Update: so here's what I figured out with my sessions... When you close the tab or just add a new one with the same site you have to reauthenticate, but if you use remember password it seems to work. But that depends on the browser settings: like, it works with Chromium, but since my Firefox runs everything in private browsing and closes and deletes cookies after use, nothing is retained for the user. It could be annoying but it seems to work for the most part.