PHP Sessions

mark renton

I have a php session (not using cookies) - When I close my browser window (IE 8) and reopen, the session is still available

My understanding is that the session should terminate on closing of browser - is this not the case?

henryporter

Presumably you should be including a statement to close the session as opposed to relying on the browser to do so - not a bad discussion on the topic here: http://www.webmasterworld.com/forum88/1131.htm

mark renton

That discussion seems to be on server side management of sessions and

my query is on client side sessions - i dont see how server side could differentiate between an active session and a non active session if the session is regenerated on client browser each time it is reopened

mark renton

Below is what i expected when leaving website - however if i reopen login page the session reverts to previous session



http://www.w3schools.com/PHP/php_sessions.asp

A PHP session solves this problem by allowing you to store user information on the server for later use (i.e. username, shopping items, etc). However, session information is temporary and will be deleted after the user has left the website. If you need a permanent storage you may want to store the data in a database.

damoth

As far as I know, there are 2 ways sessions get removed from the server.

1. Manually deleted in your code (e.g. in a logout script). This includes removing the cookie on the client which contains the session id.

2. By garbage collection after some inactivity period. This can be modified by you using the 'session.gc_maxlifetime' parameter.

john47832 wrote: »

However, session information is temporary and will be deleted after the user has left the website.

... They don't specify how quickly here.

komodosp

I always thought PHP used cookies to maintain the session info. But the OP says "Not using cookies" so how is the session info being maintained at all?

Dashe

The only way I can think of the browser matching the session to a previous one after the browser is closed is by cookies.

If your site drops a cookie with the session_id in it, when the browser reopens and goes to the site it can reestablish its previous session.

Check and see if there are any cookies from your site?

Webmonkey

komodosp wrote: »

I always thought PHP used cookies to maintain the session info. But the OP says "Not using cookies" so how is the session info being maintained at all?

+1 on this. Sessions can't work without cookies or otherwise passing a unique session ID in every URL you request. I take it, it's the cookie way that the server is using.

I actually don't think it's possible to guarantee. Maybe you could use some AJAX to call a script to destroy the session when the browser is closing. Never tried it though.

seamus

PHP Sessions use...session cookies.

The browser should discard this cookie when closed. One thing to check is that the actual browser is closed, as opposed to just the window. If you load up your site in one tab or window, and then close it but there are still other IE8 windows open (or an IE process open in the background), then the browser will hold onto your session cookie.

A handy thing to do while developing is to include a "reset session" link in the footer of your pages. So if you want to start again, you click this link and it brings you back to
$_SERVER."?resetSession=1"

You can then stick a piece of code in your header or any includes files to pick up this GET variable and delete any open sessions before starting a new one. Saves you having to close five or six open browser windows to start testing again.