Re: Sessions and closing the browser

From: cool (coo_at_goontrytospamme.dk)
Date: 09/28/04

  • Next message: Paul Schmidinger: "Magic Quotes / Register Globals" 
    Date: Tue, 28 Sep 2004 08:03:03 +0200

    On Fri, 24 Sep 2004 16:43:33 +0000, Theo wrote:

    > Hi all again
    >
    > The login part my site is on the remote server and all is good. Ive read
    > some of the past posts here to see about preventing multiple logins and
    > will be trying that today. But, what about people who simply close the
    > browser and try to log in again? If they are already listed as 'loggedin'
    > how are they allowed to do so again before the session cookie is
    > automatically removed. Actually I only assume it is eventually removed
    > instead of it being removed when the user properly logs out.
    >
    > Cheers

    Hi,

    You need to make your check as to whether a person is logged in or not
    unique to the cookie. When you use PHP sessions, this is done for you,
    because a session file is set up which will recognize only the one cookie.
    So if a person logs in, and opens another browser window, the second
    window will not be recognized as part of the first session. So if a person
    opens window 1, logs in, then closes the window without logging out, your
    session file is still active for xxx minutes forward. But if the person
    then opens a new browser window, and tries to log in again, the server
    will not recognize the new browser window as belonging to the former
    session file, and therefore, the user must log in again. So if you keep
    opening up windows, log in, close window, open new window, log in, etc.
    etc. etc., you will wind up with a lot of orphan session files on your
    server, which will disappear after the session file timeout (this can be
    set in php.ini I think).

    What I do when a person pushes a log out button is to make a call to a
    session destroy function to remove the old session completely. Then if the
    user tries to access a page without closing the browser window, the
    session will be gone, and the user needs to log in again.

    Regards,
    Steve

  • Next message: Paul Schmidinger: "Magic Quotes / Register Globals"