Hi,

How do I destroy a session when the browser window with my session data closes?

session_destroy() (http://uk2.php.net/session_destroy) will, as you've probearly guesssed, destroys all the sesssion data. The problem only occurs when calling the function, but this can be resolved by calling an AJAX function or opening a new window to the location of your script by adding onUnload to the body tag or in javascript using


<script>
window.onunload = function(){alert('Window Closed.')}
</script>

<?php
session_start();

session_destroy();
?>

Ehm, how shall I use that? :P

create a script, like kenny_oh said, called destroy.php like


<?php
session_start();

session_destroy();
?>
<script language="javascript" type="text/javascript">
window.close();
</script>


and in your main script, the window which the user will be closing add the following script to it.


<script language="javascript" type="text/javascript">
window.onunload = function(){window.open('destroy.php');}
</script>

Cool, guys! Thanks. But:
1) How can it be programmed so you can't see that window popping?
2) Is it possible to make it purely in PHP so the user won't have to download java?

Its not possible to do it purely in PHP as PHP is server side and what you want is using client side. To do it without a window popping up then you need to use AJAX which creates a HTML request.



<script language="javascript" type="text/javascript">
function createRequestObject()
{
var request_o; //declare the variable to hold the object.
var browser = navigator.appName; //find the browser name
if(browser == "Microsoft Internet Explorer"){
/* Create the object using MSIE's method */
request_o = new ActiveXObject("Microsoft.XMLHTTP");
}else{
/* Create the object using other browser's method */
request_o = new XMLHttpRequest();
}
return request_o; //return the object
}


var http = createRequestObject();
function destrorySession()
{
try
{
http.open('get', 'destroy.php');
http.send(null);
}
catch(Exception)
{
http = createRequestObject();
destorySession();
}
}

window.onunload = destorySession();
</script>

Great!

Now, I just found out that the pages logs you off when refreshing. Can that be disabled?

Hmm, this smells clunky to me. Are you aware that sessions time out automatically after a relatively short period of time anyway? There's not a lot of point in guesstimating when the user closes the window and destroying session data manually. There's not really a reliable way to tell the difference between closing the window and refreshing.

Is this what banks and other secure places use to make sure that all session information is clear in case the user is accessing the site from a public place, or where someone else is going to use the computer after them. Then they probearly wouldn't want to chance it that the session will time out before the next user arrives