Deleting SESSION data

Forum Moderators: coopster

Message Too Old, No Replies

Deleting SESSION data

ramoneguru

6:21 pm on Aug 1, 2007 (gmt 0)

Ok, I have a logout button on every page that requires it. Namely, this:

<?php
session_save_path('/usr/local/home/scoe/www/tmp');
// include function files for this application
session_start();
include_once ('../php_fns/lions_sc_fns.php');
ric_session_check();

$old_user = $HTTP_SESSION_VARS['ric_user']; // store to test if they *were* logged in
unset($HTTP_SESSION_VARS['ric_user']);
session_destroy();

// start output html
do_ric_style();

if (!empty($old_user))
{
echo 'Logged out.<br />';
do_html_url('index.php', 'Login');
}
else
{
// if they weren't logged in but came to this page somehow
echo 'You were not logged in, and so have not been logged out.<br />';
do_html_url('index.php', 'Login');
}

Now this seems to remove session data when they log out. However, it doesn't execute when they just click the little x in the top right corner and close the window. How do I destroy the session when they close the window?

--Nick

RonPK

8:32 am on Aug 2, 2007 (gmt 0)

The server won't notice that a user closes the window, so you'll need a client side action. That could be triggered by window.onunload or by checking the closed property in the window that opened the popup (if any). The client side script should then somehow call a logout script on the server, perhaps by using ajax.

d40sithui

4:11 pm on Aug 2, 2007 (gmt 0)

aren't php sessions suppose to clear automatically when the browser is closed?
[w3schools.com...]

WesleyC

4:19 pm on Aug 2, 2007 (gmt 0)

The client-side cookie is cleared, but the data about the user is kept on the server, generally until the garbage collection function detects that the data has expired (default expiry time is 2 hours, I believe).

RonPK

5:23 pm on Aug 2, 2007 (gmt 0)

The question was "How do I destroy the session when they close the window?" (my emphasis)

Session cookies are indeed killed when the user closes the browser, but not when s?he only closes a window.

ramoneguru

9:27 pm on Aug 2, 2007 (gmt 0)

So the solution would be to just add some type of function to my javascript file like:

function getWindowLogout()
{
if(window was closed)
call php logout function
else
do nothing
}

and then include the file where the function lies, on every page (ie. include_once('../php_fns/javascript/<filename where I store said function>))

Like that? Then where do I call it or do I just put it at the top of every page or something?
--Nick

RonPK

11:55 am on Aug 3, 2007 (gmt 0)

Yeah, something like that.

function killSession() {
// call logout.php
}
window.onunload = killSession;

BUT: that way the user would be logged out also when browsing to another page in the same window. You might need to use frames to work around that problem (like my internet bank does). The main frame contains the actual content. The fixed top frame contains the onunload handler. The onunload handler spawns a tiny new window that calls the logout script and closes itself when done.

Sessions, javascript, frames, popups: brrrr... :)

d40sithui

12:03 pm on Aug 3, 2007 (gmt 0)

just out of curiousity, how would you call a php script using js

RonPK

12:12 pm on Aug 3, 2007 (gmt 0)

There are several ways to do that:
- write/modify the src of an iframe
- write/modify the src of an image (The script would need to send content-type: image/png or so)
- Asynchronous JavaScript and XML, aka AJAX