I am new to web develepment and I am trying to create a simple login page.
For backend I use php.
For the login I use sessions.
My problem is that sessions are not destroyed when I close the browser.
I read that sessions are destroyed automatically when closing a browser, but that is not happening in my project.
I have read many articles, I tried with
session_set_cookie_params(0);
session_start();
but this is not helping me at all, basically it does nothing.
I also read that there is a default timeout for sessions that lasts about 20 minutes and then session is closed, but it has been more than 6 hours and yet the session is not destroyed.
Sorry, if my question is stupid.
Thank you in advance! Any help or comment would be appreciated!
PS. I use Chrome browser
Related
I have a real estate component installed. It has the option of adding properties to favorites and creates a list, but when I close and open the browser, regardless of how long it has closed, it deletes the list.
Talking to the developer he told me that it is because of the sessions that are deleted. And he could not help me. On his demo site, when he closes and opens again, he does not delete the list of favorites.
Does anyone know how to help me, how to do for joomla does not delete the session when closing the browser?
Thank you!
Browsers do close sessions if you close them. That's simply because the server identifies the user by a cookie. Session cookies are usually set to live just for the time the browser is open. If you close and reopen a browser those session cookies are gone.
But some browsers do only pretend that you close them. Chrome is a good example. So if I close a Chrome window and reopen another one the session continues. Only if I really kill the whole browser I lose my session.
The solution for your issue is to use time based cookies instead. PHP can do this for you. You can do this with PHP code or by configuration.
http://php.net/manual/en/function.session-set-cookie-params.php
http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
I have created a PHP and Cookie-based Login and Logout system for the admin page of a WebApp I am working on. Issue is when I refresh the page more than 2 or 3 times when I am Logged In, the Log Out function doesn't work properly, and keeps me "Logged In" if I attempt to load an admin page after I have "Logged Out". I am not certain if this is a browser setting, or something I am coding incorrectly.
Login PHP Code:
setcookie("password","$thepassword");
Logout PHP Code:
unset($_COOKIE['password']);
setcookie('password', null, -1, '/');
Any ideas welcome. :) Thanks~
A few seconds of google search would save you the hassle of asking a question, thought its already been answered here before, check this
I would also mention that storing users passwords in a cookie is a crime! please use sessions for such an ocassion.
You can always assign the cookie a null value:
setcookie("user", NULL);
However, cookies tend to be a rather insecure way of storing user data. I strongly recommend using sessions in stead. Keep in mind that users can change the value of cookies, but not sessions. Then to log out you can use session_destroy()
Also, try refreshing the page after the cookie is unset.
I solved my issues by converting the script to use Sessions, and not Cookies.
Thanks for the advice guys. :)
I am using cakephp 2 and recently changed my session handler to database.
Everything seems to be working fine, except when a user leaves the website without logging out the session is left active.
In my core.php file I have configured database session handler as follows:
Configure::write('Session', array(
'defaults' => 'database'
));
How do I configure cakephp database sessions to destroy the session when a user leaves the site without logging out?
TIA!
You can't. PHP runs on-demand and can't possibly know when a user stops browsing the site. You basically have 2 options:
Write a script to check your session store to find sessions that haven't been accessed in X seconds, and clear them out. Call this script with a cron job.
Check the session when the user comes back, and clear out any stale data. You'll still need to do some cleanup from time to time to get rid of session data from users that never come back.
Sessions are stored on the server, so if the browser is closed or the user goes to a different page, there is no obligation that it informs the server about this action.
Session are stored for a certain time in the server, and after some time of inactivity, it will be destroyed there automatically.
Check Sessions info in CakePHP cookbook for more details
There is a possible solution that will work in some cases but probably isn't a great solution:
<body onUnload="ajaxFunctionToDeleteSession();">
some random stuff goes here
</body>
So ajaxFunctionToDeleteSession would call via Ajax a url that would delete the session.
A few problems with this that I see:
Called anytime someone closes an open page of your site. Which means if someone opens up multiple windows of your site closes one, their entire session, including for the other open tabs is closed
There are probably cases in which someone goes to your site, does something accidentally closes the open window, reopens the site and things will look different because the session is gone.
But if you absolutely must delete a session when someone leaves the site, this may give a way to start approaching the problem.
I got one unsolvable bug at work.
I got a logout timer at the bottom of the page set at 45 mins
Every time a page request is made the session timeout gets updated and everything seems fine and it works.
Thing is, the client is using some pages longer than 45 mins(Editing in wysiwyg) and needs to reset the session timout without reloading the page.
My solution to this is to send an ajax request updating the session.
Everything seems fine.
Dumping the session variable shows correct values.
But the session timeout wont extend.
At some point the session times out anyway.
Is it impossible to reset the session timeout through ajax?
Anyway to debug this problem would be nice?
This webapplication is using liveuser from PEAR and the code is messy as hell!
I cant figure out what is happening!
No, it is not impossible to set the session timeout through ajax.
I am using a PHP / MySQL login system. With a new browser session, I tend to get logged out as I navigate the site.
Any tips on how I can go about fixing this?
Thanks in advance,
John W.
Sounds like the system is using sessions for persistent user logins which yes expire once the browser is closed. The solution is to use cookies for keeping track of users. You can extend the lifetime of a cookie for as long as you want and they are persistent through browser sessions.
Check expiration time on the cookies that PHP sends to browser.
Set expiration time to 0 so that they are this-session-only (until user closes browser)