Destroy Session When Closing The Current Window

**killer7k** · Mar 5th, 2008, 05:10 PM

Hi ,

We can destroy The session by Going to another page set it to session_destroy() working no problem
but sometime the user may not click on logout it may close the window
so i want to add this event when he close the window the session will be destroyed !
i just think that we have to do it onUnLoad Event using JavaScript but Tried with no luck !

Thanks !

**visualAd** · Mar 5th, 2008, 06:00 PM

Unless you use the XMLHTTPRequest object you cannot do it with Javascript. PHP includes a built in mechanism to dispose of stale sessions after a period of time has elapsed. Haves a look at the session.gc_maxlifetime, session.gc_probability, session.gc_divisor directives.

For examples when:

session.gc_divisor = 10
session.gc_maxlifetime = 300
session.gc_probability = 1

Sessions will be destroyed when active fo 5 mins (200 seconds) and the garbage collection (destruction) of these sessions will occur in 1 out of every 10 requests.

**penagate** · Mar 5th, 2008, 07:06 PM

By default, the session cookie is destroyed when the browser window is closed, which effectively logs out the user.

**JRSofty** · Mar 6th, 2008, 01:09 AM

You can unset the $_SESSION variable but that only removes all the elements of the array.

**penagate** · Mar 6th, 2008, 01:17 AM

Originally Posted by JRSofty

You can unset the $_SESSION variable but that only removes all the elements of the array.

That gets deleted at the end of each request execution anyway.

**JRSofty** · Mar 6th, 2008, 02:57 AM

Only if there is no session cookie. If there is a session cookie then that variable is reloaded for each page from the session handler built into PHP. It is the one way to pass information from one page to another.

**killer7k** · Mar 6th, 2008, 05:31 AM

Originally Posted by visualAd

Unless you use the XMLHTTPRequest object you cannot do it with Javascript. PHP includes a built in mechanism to dispose of stale sessions after a period of time has elapsed. Haves a look at the session.gc_maxlifetime, session.gc_probability, session.gc_divisor directives.

For examples when:

session.gc_divisor = 10
session.gc_maxlifetime = 300
session.gc_probability = 1

Sessions will be destroyed when active fo 5 mins (200 seconds) and the garbage collection (destruction) of these sessions will occur in 1 out of every 10 requests.

I already Set the Session Maxlifetime to 0
what do you mean by XMLHTTPRequest object ?

Originally Posted by penagate

By default, the session cookie is destroyed when the browser window is closed, which effectively logs out the user.

Nop i can still see it on tmp folder

Originally Posted by JRSofty

You can unset the $_SESSION variable but that only removes all the elements of the array

Can i unset the $_SESSION variable on the onunload of the page ?

Thanks !

**JRSofty** · Mar 6th, 2008, 10:24 AM

Only if you are able to send a request using JavaScript to a PHP file that basically has

Code:

<?php session_start();
unset($_SESSION);
?>

To do that from the browser when they close the browser you would need to send the request via the XMLHTTPRequest object of JavaScript.

The other option would be to try to use JavaScript to delete the session cookie left in the browser. Normally the cookie is called PHPSESSID or something along those lines (you can find out what the name is via the phpinfo() function).

In all these cases however, could cause problems for your visitors when they jump from page to page on your site unless your site has only one page then the question would be why do you need to have sessions.

**killer7k** · Mar 6th, 2008, 12:45 PM

Originally Posted by JRSofty

To do that from the browser when they close the browser you would need to send the request via the XMLHTTPRequest object of JavaScript.

How via the XMLHTTPRequest object of JavaScript. ?

Thanks !

**visualAd** · Mar 6th, 2008, 03:32 PM

You don't need to do that. PG has already pointed out that when the browser window is closed the cookie will be deleted and/or no longer used. If it is not ensure that the session.cookie_lifetime directive is set to zero.

**JRSofty** · Mar 7th, 2008, 01:55 AM

VisualAd is right. If the cookie is deleted the session is no longer valid. The session file will still be there until the garbage collection cleans it up but that is not a problem. Without a session cookie the next time they visit they will start a new session.

**penagate** · Mar 7th, 2008, 02:00 AM

Use session_destroy() rather than unset($_SESSION) to invalidate the cookie and session data.

(The manual will have you believe that session_destroy doesn't delete the cookie. In my experience it does.)

**killer7k** · Mar 7th, 2008, 06:53 AM

Yes , I use only session_destroy() ,
but i need the garbage collection to clean the file in a 0 (s)
i made session.gc_maxlifetime = 0
so when i go by logout the file is deleted at the sametime
but when i close the window it still on the folder
as you said penagate

By default, the session cookie is destroyed when the browser window is closed, which effectively logs out the user

what i need is the file for this session to be deleted like with logout

Thanks !

**penagate** · Mar 7th, 2008, 09:28 PM

Why do you need that? Are you storing sensitive data in session variables? (This is a bad idea, for this reason.)

It shouldn't matter exactly when the session data files are deleted. The fact that it does suggests that your application design might be improved.

Thread: Destroy Session When Closing The Current Window

Thread Tools

Display

Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Re: Destroy Session When Closing The Current Window

Posting Permissions