I have created a popup in WordPress that will open when visitor IP is from Australia. The popup will show up on page load. I want to make it not show until the browser screen is closed.
For this, I used the cookie. I set the cookie when the close button is clicked and creating the cookie in PHP using ajax.
Here is the code I am using to create cookie:
setcookie("stay_here", "yes", 0, "/");
I set the cookie time to 0 so that it will destroy when the browser closed. The issue is that the site has user account area and when the user is logged in the session of the user is created. This session is not destroying after closing the browser. And when the above cookie created it automatically set expiration time as "Session".
I checked this on firefox and the data variable "Expires" of the cookie is set as "Session". As the session is not destroying when I close the browser and the cookie Expires value which is set as Session is also not destroying.
But I want the only cookie to be destroyed when the browser is closed not the Session.
I hope you understand my issue.
Can you guys look at the issue and provide me a solution to achieve this situation.
Thanks in Advance.
Ideally cookie created through SETCOOKIE function in PHP with its expire time 0, it will be deleted from browser when you will close the tab and time can't be overwrite with session's cookie time.
Try to create 1 test.php page and write setcookie("stay_here", "yes", 0, "/"); code and check from browser's cookie information.
You can also, set session cookie's time to 0 so session cookie will also deleted when browser will be closed.
ini_set('session.cookie_lifetime', 0);
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
It states under "Session cookies":
However, web browsers may use session restoring, which makes most
session cookies permanent, as if the browser was never closed.
In short: There is no reliable way to detect if a browser was closed.
What you can do is make a cookie that will expire in 12 hours:
setcookie("last_page_hit",$PHP_SELF,time()+12*60*60,"/");
if that cookie is absent you assume it is a new visit to the site and you show the popup again.
assuming your rm cookie is set and you are viewing page on header.php, you can refresh and update the cookie state.
if (isset($_COOKIE['rm']) || (isset($rm) && $rm)) {
ini_set('session.gc_maxlifetime', $lifetime);
ini_set('session.cookie_lifetime', $lifetime);
}
You can use sessionStorage https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage
It will store on clients side until window is closed.
It's relatively new feature, so you should check if it's supported by your clients browsers.
Related
I am created website using cakephp. After I logged in(google chrome) my aplicaion, without logout I am able to open the same session in another browser(Mozilla Firefox).
How to handle session in this scenario.
I would check your cookie time. If you dont set a time for cookies to remember your logged in then they expire when the browser is closed.
I would honestly set cookies for some decent time depending on what its for. Alot of people Close Browser Accidentally. A session is closed when you use session_destroy();
//if is logged in
$date_of_expiry = time() + 60 ;
setcookie( "userlogin", "anonymous", $date_of_expiry );
//another example
setcookie("email-".str_replace(".","_",$_SERVER['SERVER_NAME']),$email,$time_minutes,"/",$_SERVER['SERVER_NAME'],0);
http://php.net/manual/en/function.setcookie.php
http://php.net/manual/en/book.session.php
Could anyone tell how to maintain a session (in PHP) so that the session contains are preserved and are accessible even after the browser is restarted.
In general a session expires with the closing of a browser, but I want the session NOT TO BE CLOSED so that the session data's can be accessed the next time the browser is used.
Use session_set_cookie_parameters() to give the session cookie a non-zero lifetime before starting the session, or set session.cookie_lifetime to non-zero.
It's oxymoron.
Session stands for "until browser is closed".
Session is something that expires.
If you don't want it to be expired, you're probably don't want a session at all.
You are probably messing session with cookie or database.
Session in php (and in most web technologies) work like this :
You store a session id in a cookie on the client computer.
When the client come to your site he send you the session id.
The server find the session datas in a file with the session id and load it.
So closing the browser has not effect on the session, but if the browser empty the cookie when you close it (I don't think any browser do such a thing).
If you wana be sure the user is always logged in, you can store it's user/password in his cookies but it's not really safe.
The easiest and best i have found is that instead of just session_start we should input this on each page there is a session
$expire = 365*24*3600; // We choose a one year duration
ini_set('session.gc_maxlifetime', $expire);
session_start(); //We start the session
setcookie(session_name(),session_id(),time()+$expire);
//Set a session cookies to the one year duration
You can do something like this: (see session_set_cookie_parameters() and session_name())
// long long time
$sessionTime = 365 * 24 * 60 * 60;
$sessionName = "my_session";
session_set_cookie_params($sessionTime);
session_name($sessionName);
session_start();
if (isset($_COOKIE[$sessionName])) {
setcookie($sessionName, $_COOKIE[$sessionName], time() + $sessionTime, "/");
}
For $sessionTime, also refer to this question
This can be done if you use cookies instead of sessions.
Book said, persistent cookie stay on client machine till it expires.
session cookie will be gone after browser closed.
i tried it, like:
setcookie("name", "value"); // before any output
but after closing browser and restart, it is still there
(from print_r($_COOKIE)).
i tried couple of different browsers like safari, chrome, firefox,
it is all like that. only eclipse is different:)
so, are all current browsers not following that "rule" ?
or there is some default time-out for a session cookie i am
not aware of?
thanks.
EDIT:
I checked in firebug it said:
Name Value Domain Expires
name value localhost session
Check your PHP settings for session cookie name, domain and path, and unset the cookie using the same values given to setcookie(). They can all be read with ini_get() and fed to variables.
The above advice assumes you're using PHP built-in session mechanism, ie. you don't use a framework with it's own, custom session library.
What you set there is not a session cookie. After the page is loaded in the browser go check the cookies set from your server (localhost if it's local machine), you'll see a SESS_ID cookie which is set by the server and it goes when you close the browser
What you are actually trying to set is a persistent cookie..A session cookie or simply session can be simply set by starting a session or storing a value in session like $_SESSION['name']=$value.
What you are doing is a persistent cookie it wont expire even if browser is closed. It expires only after the time set in cookie expires.
Like setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); it will set cookie info for 1 day..even if browser it closed..
You can set time and cookie info according to your needs...
`
That's because you're setting a cookie.
Sessions are not cookies. Cookies are not sessions.
http://www.tuxradar.com/practicalphp/10/1/0
Quoted from the first page:
Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years.
And sessions, via the page on sessions:
It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer.
Thanks to everyone's response. It's my problem.
i am working on macbook, i thought clicking the red cross will close
the browser. but although browser is gone. on the very top of my screen,
it is still safari menu bar. i have to click safari and quit it.
now, all my session cookies are gone after closing the browser:)
I can't seem to find a definitive answer on the internet, so I'm asking here.
When one uses session_start(); in a .php script and saves some values, when does the session end? So when would those values not be accessible again?
I've found that refreshing the page or stopping the session code-wise would stop it, and a possible time-out would stop the session as well. But what about navigating away from the site and returning a minute later? And closing the browser?
As for the last one, on mobile, what does 'closing the browser' mean? Closing the tab or even minimalising the site?
If your session values are not linked to any cookie, the session will end when the windows browser will be closed.
If your session variable comes from a cookie, the session will end after time specified in the cookie file.
In PHP, sessions work with a cookie of type session. Server-side, the session information is constantly deleted.
To set the lifetime of a cookie in php, you can use the function session_set_cookie_params, before the session_start:
session_set_cookie_params(3600,"/");
session_start();
For ex, 3600 seconds is a one hour, for 2 hours 3600*2 = 7200.
But it's a session cookie, the browser can make it expire by himself, if you want to save longer sessions (like remember login), you need save the data in the server and a standard cookie on the client side.
Navigating away from a site when using cookies will not break the session.
There are two things that can effectively end a session:
The cookie linking it to the browser gets destroyed. PHP typically uses session cookies. These are deleted when the browser is closed. The browser, not the tab. They can also be deleted manually.
When the server hasn't received a request from the browser with the session cookie for the session for a certain amount of time (defined in session.gc_maxlifetime) and it cleans up the session data.
I am confused regarding Session in PHP. My question is when a user closes directly red cross button without logging out whether the session is destroyed or not. If he again opens that page whether he would be asked to login or he would be directed inside the application?
I have googled around, some are saying it will be directed to login and same are saying it will be directed inside the application.
The default session cookie is set to expire when the browser window is closed. The corresponding session on the server will still exist for a while until it is garbage collected. If the user could resurrect/keep the cookie, he could continue to use the session. But again, the browser will discard the cookie when it's closed. You can modify the session cookie settings with an explicit expiration time, which means it will persist until then, giving your user a permanently logged-in status.
Here are all the session and session-cookie related settings you can tweak with ini_set: http://php.net/manual/en/session.configuration.php
PHP sessions should automatically expire when the browser window closes providing you do not modify the Session Cookies expiration time.
moreover whatever scene you described can be done by Cookie
if you set cookie (persistent) for a limited time period then it will not ask for the login untill that and save your login credentials.
redirecting on the last page can be done by your logic not by browser.
check that session.cookie_lifetime in php.ini if it is 0 means whenever we close the browser. it will destroy the session
more info