However, if the user just closes the browser, the session variables are STILL stored in the server, which is bad for security IMO, and there's quite a lot of sessions stored in my client's webserver. Is there anyway to get the session to auto-delete or delete it when the user just closes the browser than hits the logout link?
Any help would be appreciated again.