Excuse me...
I have some problem with Session...
1. How to unset or destroy Session if my application idle for 20 minutes ??
2. How to destroy session if they close browser....

Thank You...

Heheh. Those are two typical questions often asked by people starting out with sessions. They also happen to be two things that you can't actually do. Let me try to explain why.


1. PHP is not a continually running application. When the user requests a page served by PHP, the script is run through linearly. Now this can get extremely complex in a large application, what with huge numbers of include files and classes here and there, but it doesn't change that simple fact - once the PHP interpreter gets to the end of the original file, it ends. That's it. So, you have no way of checking idle time, because the concept of idle time in that sense does not exist.

What you could do, on the other hand, is log the user's last activity time. You could even use a session variable for that. At the start of the script, after checking if a session is present, check if the user's last activity time is over 20 minutes earlier than the current time. If so, you can then proceed to destroy the existing session and start a new one.

Of course, the session may have already expired, in which case it does not matter.


2. Remember I said how once the script ends that's it. There is no more communication between the client (the user's browser) and the server (running PHP). When the user closes the browser, it just closes - it doesn't announce that fact to anyone. So how can the server be notified of this? You have to set it up yourself.

There are two approaches. The first is to trap an event that signals the window has been closed. There is, as far as I know, no standardised way to do this. Meaning that it's going to be hard to get it to work in all browsers, if any at all, and consistently. The second method is to maintain a persistent connection with the server. If the connection is broken at any time, you will know that the window has been closed.

You can achieve the second method by using an XMLHttpRequest object, in Javascript. You will need to flush the connection every so often as PHP has a default 30 second timeout for scripts and it will think your waiting script has hung. You can override this limit to a certain extent using the ini_set() (php.net/ini_set) function, though I've forgotten quite how.


I can go into more details later if you decide this is what you want to do. Bear in mind it's quite a lot of work and not many PHP applications use it. So consider whether it's absolutely neccessary for your application. Bear in mind that undestroyed sessions do not pose a security risk as the data is all stored on the server.

I do not know if he helped, but sessions are different, if you are trying to do time-based you should probably use cookies then time()+# to set the time interval, that should serve your time problem.

Otherwise, the browser closing one I cannot help with.

You can set the session cookie expire time in the php.ini or through the use of ini_set. Sessions by their very nature are temporary, so the defualt is a cookie is deleted when the browser closes.

I posted an example of how to send a message back to the server when the window is closed using Javascript.

http://www.vbforums.com/showpost.php?p=2443292&postcount=8

How to detect if the user online or not ???
I mean, if there is someone login with username : 'TEST' and when the other people will login with username 'TEST', it will announced that the user has already online ...
If I'm using database,I'm affraid some people will close the browser before they logout and when he wants login again, he can't enter... :( :(

How to detect if the user online or not ???
I mean, if there is someone login with username : 'TEST' and when the other people will login with username 'TEST', it will announced that the user has already online ...

Now why would any script do that, when it takes extra work, and is a pain for the users?