PHP sessions issues, please help! - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

PHP sessions issues, please help!

Admiralrewd

7:58 pm on Jun 20, 2008 (gmt 0)

10+ Year Member

I am working on a login script and want the user to be automatically logged off when the browser window is closed. I have set session.cookie_lifetime=0, but for some reason the session persists even after the window is closed, and the browser application is quit. My session settings (from phpinfo) are listed below:

session.auto_start (Off)
session.bug_compat_42 (On)
session.bug_compat_warn (On)
session.cache_expire (180)
session.cache_limiter (nocache)
session.cookie_domain (no value)
session.cookie_httponly (Off)
session.cookie_lifetime (0)
session.cookie_path (/)
session.cookie_secure (Off)
session.entropy_file (no value)
session.entropy_length (0)
session.gc_divisor (100)
session.gc_maxlifetime (1440)
session.gc_probability (1)
session.hash_bits_per_character (4)
session.hash_function (0)
session.name (PHPSESSID)
session.referer_check (no value)
session.save_handler (files)
session.save_path (/Applications/MAMP/tmp/php)
session.serialize_handler (php)
session.use_cookies (On)
session.use_only_cookies (Off)
session.use_trans_sid (0)

If anyone has any insight into why the sessions remain even when the broswer window is closed I would really appreciate it. Thanks in advance for your help!

coopster

8:16 pm on Jun 20, 2008 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Welcome to WebmasterWorld, Admiralrewd.

When you say the session persists, what do you mean? Do you mean that if you open the browser again and visit the pages the session is still active?

Admiralrewd

8:51 pm on Jun 20, 2008 (gmt 0)

10+ Year Member

yes, that's exactly what I mean.

Admiralrewd

1:08 am on Jun 21, 2008 (gmt 0)

10+ Year Member

actually, I have a small correction. It appears that sessions are not working properly on Safari only. Firefox and Internet Explorer appear to work fine.

coopster

2:27 pm on Jun 21, 2008 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Ah, so it's not a PHP issue, it's browser related. Let us know what you discover.

salnajjar

8:27 pm on Jun 22, 2008 (gmt 0)

10+ Year Member

Set the cookie expiration date to a hard date and make it in the past, Safari will then release the session cookie.

The other option is to change an item in the session cookie first so that even if the browser refuses to expire it your website won't allow the session to continue.

For example the logout php script in my current code resets the cookie too:
setcookie('cookienamehere', '', 1, '/', '.domainnamehere.#*$!');
$_SESSION['loggedin'] = false;
$_SESSION['userid'] = 0;
$_SESSION['username'] = '';
$_SESSION['firstname'] = '';
session_destroy();

Every page on my site that requires the user to be logged in checks the session cookie for both the loggedin flag and also to make sure the userid is set to a valid number other than 0.

I've tested this on Safari (mac and iphone), opera, internet explorer, firefox & camino, all with no problems.

I hope this helps a little.

Seri

penders

1:43 pm on Jun 23, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

For example the logout php script...

But I think that is part of the problem the OP is having... when the browser window is closed the logout script is not executed, instead relying totally on the expiration of the session cookie to log the user out.

What version of Safari / platform?

Admiralrewd

2:30 pm on Jun 23, 2008 (gmt 0)

10+ Year Member

Thanks for all the help guys. I have worked it out. It was actually a combination of problems, the main one being that the 2 computers we were testing it on had a cookie from previous tests that had not been properly deleted. It should have timed out long ago, but for some reason it didn't. A silly mistake perhaps. However, changing the code around to something similar to what salnajjar suggested appears to have helped fix cookies which weren't expiring properly.