I have a session that works perfectly expect for one, if I close the browser the session gets destroyed however if I close the current tab and then go back to the site, the session still exists, how can I make sure that the session is destroyed both on a tab close and a window close?
The problem here is browser behaviour. Cookies aren't usually destroyed until the browser is closed, and PHP sessions are maintained via a session ID cookie.
Your best bet may be to set the session timeout to something shorter than the default (15 or 30 minutes I believe)
You could try and do something with onunload as Anonymous suggests, but the onunload event is not guaranteed to fire so you won't be certain that the session has been destroyed.
Is there a particular reason you need the session to be destroyed straight away? If we know your exact problem we may be able to suggest a workaround
You can't check tab closing with php, you should do it with a combination of the javascript onunload event and ajax call to request the destroy method for the server side session.
Related
It seems a small and easy to solve problem, but I cant find any solution for it.
I want to login the users only for that session while the are browsing the site. As soon as they close the tab I want to make their session expired. As much as I know I can't do this in the built-in Auth class.
How could I do this efficiently?
Short answer: YOU CAN'T
The session can be destroyed when the entire browser is closed by simply setting expire_on_close in config/session.php (also make sure you clear the cookies in your browser for this to work):
'expire_on_close' => true,
But there is no way to detect when only a tab is closed in the browser. The closest thing you would have is the JavasSript method onbeforeunload that triggers when you close a tab. But it also triggers when you navigate away from a page or hit the back button, and there's no way to differentiate between those actions.
You could set a very short session time on the server, and "ping" the server from any open page, to let it know to keep the session still in use, which would mean it would very quickly expire when the tabs that have the app open are closed, but that's an extremely ugly solution.
Since PHP is server side code, it only knows the last time/page that was accessed.
See: Destroy PHP session on page leaving
Hi I'm trying to clear all the session variables when the user closes the tab,
I have tried the following
session_set_cookie_params(0);
session_start();
but it clears the session only when the user closer the entire browser,
I have tried searching frome some links but I have found that not working.
Browsers only destroy session cookies when the entire browser process is exited. There is no reliable method to determine if/when a user has closed a tab. There is an onbeforeunload handler you can attach to, and hopefully manage to make an ajax call to the server to say the tab's closing, but it's not reliable.
And what if the user has two or more tables open on your site? If they close one tab, the other one would effectively be logged out, even though the user fully intended to keep on using your site.
by : Marc b
I can't seem to find a definitive answer on the internet, so I'm asking here.
When one uses session_start(); in a .php script and saves some values, when does the session end? So when would those values not be accessible again?
I've found that refreshing the page or stopping the session code-wise would stop it, and a possible time-out would stop the session as well. But what about navigating away from the site and returning a minute later? And closing the browser?
As for the last one, on mobile, what does 'closing the browser' mean? Closing the tab or even minimalising the site?
If your session values are not linked to any cookie, the session will end when the windows browser will be closed.
If your session variable comes from a cookie, the session will end after time specified in the cookie file.
In PHP, sessions work with a cookie of type session. Server-side, the session information is constantly deleted.
To set the lifetime of a cookie in php, you can use the function session_set_cookie_params, before the session_start:
session_set_cookie_params(3600,"/");
session_start();
For ex, 3600 seconds is a one hour, for 2 hours 3600*2 = 7200.
But it's a session cookie, the browser can make it expire by himself, if you want to save longer sessions (like remember login), you need save the data in the server and a standard cookie on the client side.
Navigating away from a site when using cookies will not break the session.
There are two things that can effectively end a session:
The cookie linking it to the browser gets destroyed. PHP typically uses session cookies. These are deleted when the browser is closed. The browser, not the tab. They can also be deleted manually.
When the server hasn't received a request from the browser with the session cookie for the session for a certain amount of time (defined in session.gc_maxlifetime) and it cleans up the session data.
I would like to know what the best way to save a shopping cart is. I'd like the shopping cart details (which are session variables) to persist even when the user closes his browser. I would consider saving the data in a table as soon as the window close event is fired but i'm not sure that jquery unLoad or beforeUnload events are what i need as they don't seem to work across different browers.
I'd appreciate any pointers to set me on the right path
It's not so much when a browser closes as keeping the session cookie in the browser. If I understand correctly, you're using sessions (i.e. the $_SESSION variable), so it should be relatively easy. PHP's function session_set_cookie_params would most likely be the way to go; there's also the option session.cookie_lifetime (found here) that explains the session's cookie lifetime a bit more, even if you can't set it yourself.
The session cookie's lifetime is in seconds; so if you set it to 60 seconds and visit the site, the session cookie will only last 60 seconds before discarding the cookie, effectively destroying the session. Set the lifetime to a high number in order to prevent this.
Since the session data is server-side, and all the browser has is a session ID, all you need to do is make the session ID last longer.
This is done by editing the php.ini settings, particularly those regarding the lifetime of the session cookie. If it's 0, then the cookie is cleared when the browser closes.
Try setting it to a high number. That will make the session persist.
Maybe save data when they are changing and not when the browser is closing. Saving could be in Database, Local Storage or Cookies.
Why not just keep your shopping cart data persisted anyway. If you want it when they're on the site and you still require it when they've left, just persist it. It's tricky to reliably pick up when a session is abandoned as they could close the machine down or kill the browser process. Every change to the cart should be saved until they explicitly kill their cart or the cookie associated with it.
You just save the data as soon as the data change is made. Why wait? As soon as someone adds an item to their cart, save it.
jQuery unLoad method works everywhere. I assume you want to store the cart in DB, when you talk about table(s). So you have to make synchronous ajax call to your server, so PHP could store it and probably return an identifier, which you should put into an cookie.
Problem is that this procedure can take relatively long time (1-2s). I'd just provide a Save button.
how we can destroy the session when we click in the close button in my browser..
You can't destroy the session directly. The session garbage collection doesn't work like that. However if your session is using cookies you could set the cookie lifetime to 0 which translates to "destroy cookie when the browser closes". You can do this with
session_set_cookie_params(0)
The session is still there, but the client can no longer access it effectively destroying the session.
On a side note this will only work if all instances of the browser close.
You can't in any meaningfull reliable way, that is why we invented session.gc_maxlifetime & garbage collecting.
unset($_SESSION)
- destroys all session variables.
If they have javascript enabled, you can watch for the onUnload event and make an ajax call to a php file that unsets the session variable.
Typically the browser will delete session cookies on exit, and there is no need to do it on the server side.