Persistent sessions even when I close the window

Forum Moderators: coopster

Message Too Old, No Replies

Persistent sessions even when I close the window

I should be this persistent

Baruch Menachem

8:03 pm on Oct 12, 2009 (gmt 0)

My understanding is that each time you start a page with a session_start it does a bit of garbage collection, so sessions shouldn't persist when you move off the page.

That is not the way things are working right now. It actually makes things easier when I am doing the development, but it leaves a huge security problem. the guy I am working with is pretty casual with security (his password is four numbers, Gd save us)

I want to make sure that he does not get bothered by persistent log in requests, at the same time, when he closes a window, or moves off site, the session dies.

Would it be possible to do a small jscript that would call a php session close at the bottom of each page?

andrewsmd

9:00 pm on Oct 12, 2009 (gmt 0)

You can set your session timeout to a short period of time. As far as the user moving off of the page, if they have the same browser window open then why do you need to destroy the session? If a user leaves for a second or accidentally clicks on an outside link, then they would be logged out and that is not very user friendly.

Baruch Menachem

2:44 am on Oct 14, 2009 (gmt 0)

that should solve the issue. He is never on more than 10 minutes. Thanks

andrewsmd

6:37 pm on Oct 14, 2009 (gmt 0)

No problem, if you need to know how to set the session time just let me know, but some quick googleing should show you.