By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,747 Members | 2,011 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,747 IT Pros & Developers. It's quick & easy.

$_SESSION remains when browser is closed

P: n/a
Hi

I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

WBR
Sonnich
Sep 2 '08 #1
Share this Question
Share on Google+
12 Replies


P: n/a
On 2 Sep, 14:44, jodleren <sonn...@hot.eewrote:
Hi

I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

WBR
Sonnich
How are you seeing this?
Sep 2 '08 #2

P: n/a
Hi
>
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

WBR
Sonnich
Kill it yourself when everything is done. session_destroy() look it up
Sep 2 '08 #3

P: n/a
On Sep 2, 5:41*pm, "Twayne" <nob...@devnull.spamcop.netwrote:
Hi
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
WBR
Sonnich

Kill it yourself when everything is done. *session_destroy() *look itup
How do I do that? I mean, I can close the browser, I dont get to know
it. When the open a browser again, then I get the old session without
knowing what has happened en between.

/S
Sep 2 '08 #4

P: n/a
On Sep 2, 6:07*pm, jodleren <sonn...@hot.eewrote:
On Sep 2, 5:41*pm, "Twayne" <nob...@devnull.spamcop.netwrote:
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
Kill it yourself when everything is done. *session_destroy() *look it up

How do I do that? I mean, I can close the browser, I dont get to know
it. When the open a browser again, then I get the old session without
knowing what has happened en between.
I found session_cache_expire(30);
That may do it. Testing...
Sep 2 '08 #5

P: n/a
..oO(jodleren)
>I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
If you use URLs to pass the session ID from one page to another, then
this is normal and expected behaviour. The server can't determine when
you close the browser, so the session will still live until it times
out. If you open another browser and paste the same URL with the session
ID into its address bar, you can continue the session.

Situation is different with a session cookie, which is the preferred
way. If you close the browser, the cookie will be removed as well. The
session will still be considered active on the server, but the browser
lost the connection to it and can't access it anymore.

Micha
Sep 2 '08 #6

P: n/a
jodleren wrote:
Hi

I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

WBR
Sonnich
You can't. PHP handles sessions via cookies. The browser may clear
cookies when it closes, or it may not. If not, you have no way of
determining whether the browser was closed or not.

Setting an expiration time helps. But it still doesn't stop someone
form closing the browser and reopening it before the session expires.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 2 '08 #7

P: n/a
Michael Fesser wrote:
.oO(jodleren)
>I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

If you use URLs to pass the session ID from one page to another, then
this is normal and expected behaviour. The server can't determine when
you close the browser, so the session will still live until it times
out. If you open another browser and paste the same URL with the session
ID into its address bar, you can continue the session.

Situation is different with a session cookie, which is the preferred
way. If you close the browser, the cookie will be removed as well. The
session will still be considered active on the server, but the browser
lost the connection to it and can't access it anymore.

Micha
Micha,

With some browsers (Firefox for instance), it is an option to remove the
cookie or not. And if you don't remove the cookies, the session will
still be alive when you go back to the site (unless, of course, the
session has expired).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 2 '08 #8

P: n/a
..oO(Jerry Stuckle)
>Michael Fesser wrote:
>.oO(jodleren)
>>I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?

If you use URLs to pass the session ID from one page to another, then
this is normal and expected behaviour. The server can't determine when
you close the browser, so the session will still live until it times
out. If you open another browser and paste the same URL with the session
ID into its address bar, you can continue the session.

Situation is different with a session cookie, which is the preferred
way. If you close the browser, the cookie will be removed as well. The
session will still be considered active on the server, but the browser
lost the connection to it and can't access it anymore.

Micha

Micha,

With some browsers (Firefox for instance), it is an option to remove the
cookie or not.
OK, that could be an issue (never encountered it, though, my primary
browser is Opera).
>And if you don't remove the cookies, the session will
still be alive when you go back to the site (unless, of course, the
session has expired).
Yep.

Micha
Sep 2 '08 #9

P: n/a
On Sep 2, 10:01*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
jodleren wrote:
Hi
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
WBR
Sonnich

You can't. *PHP handles sessions via cookies. *The browser may clear
cookies when it closes, or it may not. *If not, you have no way of
determining whether the browser was closed or not.

Setting an expiration time helps. *But it still doesn't stop someone
form closing the browser and reopening it before the session expires.
I tried - 30 minutes seems like 30 days. It can even remember it
overnight
Sep 4 '08 #10

P: n/a
jodleren wrote:
On Sep 2, 10:01 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>jodleren wrote:
>>Hi
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
WBR
Sonnich
You can't. PHP handles sessions via cookies. The browser may clear
cookies when it closes, or it may not. If not, you have no way of
determining whether the browser was closed or not.

Setting an expiration time helps. But it still doesn't stop someone
form closing the browser and reopening it before the session expires.

I tried - 30 minutes seems like 30 days. It can even remember it
overnight
Setting the session timeout correctly does work. How did you do it?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 4 '08 #11

P: n/a
On Sep 4, 3:08*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
jodleren wrote:
On Sep 2, 10:01 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
jodleren wrote:
Hi
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
WBR
Sonnich
You can't. *PHP handles sessions via cookies. *The browser may clear
cookies when it closes, or it may not. *If not, you have no way of
determining whether the browser was closed or not.
Setting an expiration time helps. *But it still doesn't stop someone
form closing the browser and reopening it before the session expires.
I tried - 30 minutes seems like 30 days. It can even remember it
overnight

Setting the session timeout correctly does work. *How did you do it?
session_cache_expire(60); // minutes
session_set_cookie_params(60*$ini_value['timeout']); //
session.cookie_lifetime

both does not work - it still remembers.

I cannot access the php.ini, the provider does not allow that - I have
to contact them (www.nss.ee) to have it done. They claim that
register_globals is now false, but I cannot see the effect.
Instead I am changing the code in some places. But this problem here
remains.

WBR
Sonnich
Sep 4 '08 #12

P: n/a
jodleren wrote:
On Sep 4, 3:08 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>jodleren wrote:
>>On Sep 2, 10:01 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
jodleren wrote:
Hi
I did not notice. A system I have made, seems on one server to keep
the $_SESSION even when the browser has been closed...
How can I avoid that?
WBR
Sonnich
You can't. PHP handles sessions via cookies. The browser may clear
cookies when it closes, or it may not. If not, you have no way of
determining whether the browser was closed or not.
Setting an expiration time helps. But it still doesn't stop someone
form closing the browser and reopening it before the session expires.
I tried - 30 minutes seems like 30 days. It can even remember it
overnight
Setting the session timeout correctly does work. How did you do it?

session_cache_expire(60); // minutes
session_set_cookie_params(60*$ini_value['timeout']); //
session.cookie_lifetime

both does not work - it still remembers.

I cannot access the php.ini, the provider does not allow that - I have
to contact them (www.nss.ee) to have it done. They claim that
register_globals is now false, but I cannot see the effect.
Instead I am changing the code in some places. But this problem here
remains.

WBR
Sonnich
If you use them, both session_cache_expire() and
session_set_cookie_params() must be called before EVERY session_start().
Are you doing this?

And you can see the value of pretty much all of the settings in the
php.ini file with phpinfo().

And what's in $ini_value['timeout']?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 4 '08 #13

This discussion thread is closed

Replies have been disabled for this discussion.