Page 1 of 1

Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 9:35 am
by JAB Creations
This isn't very important though I noticed when I started a session, closed Firefox, opened Firefox back up, and the page loaded that I was still signed in with the session. I thought sessions were supposed to expire when the browser was closed?

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 9:47 am
by Skoalbasher
JAB Creations wrote:This isn't very important though I noticed when I started a session, closed Firefox, opened Firefox back up, and the page loaded that I was still signed in with the session. I thought sessions were supposed to expire when the browser was closed?
If your code reaches a point you won't need sessions anymore, you could always unset it.

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 9:51 am
by JAB Creations
It was not planned though it's not necessarily undesirable.

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 11:46 am
by VladSun

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 11:51 am
by Bill H
Not to insult your intelligence, but did you have another iteration of Firefox open?
To get my sessions to end, I have to be sure that all iterations of Firefox are closed.

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 12:12 pm
by JAB Creations
Like I said it's not necessarily an undesirable effect.

I did actually lose my tabs in Firefox 3 this morning when Firefox 2 updated though that's unrelated. I don't usually run multiple instances of Firefox and I check the processes running in XP's task manager several times a day without fail.

My only important question is this a possible security concern? In example a computer in a public environment is there any risk there?

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 1:00 pm
by VladSun
JAB Creations wrote:My only important question is this a possible security concern? In example a computer in a public environment is there any risk there?
I'm pretty sure you can answer this by yourself ;)

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 6:10 pm
by JAB Creations
I'm not that sharp in the AM... :|

Code: Select all

session_name("member");
session_set_cookie_params();
session_start();
If the default is 0 and ends the session when the browser closes then this is not working.

I also get the following error message...
Wrong parameter count for session_set_cookie_params()
I had tried session_set_cookie_params("0"); and the browser session still persisted after closing and reopening the browser.

Suggestions please?

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 6:26 pm
by LuckyShot
Do you have that "Save your closed tabs for the next time" enabled in FF?
It may store more information than just the tab URLs.

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 7:15 pm
by JAB Creations
Yeah, I actually started using that feature earlier this year. It's a life saver. :mrgreen:

So how do I work with that issue then? :|

Re: Session does not end after closing/opening browser?

Posted: Thu Sep 25, 2008 11:09 pm
by Stryks
Sorry to jump in here .... not too much to add really ... just wondering ... why do you use this line?

Code: Select all

session_name("member");
I see people use it in examples, but I've seriously never used it and have no idea why it would be needed. I get what it does ... I just don't get why.

Also ... shouldn't that middle line be ...

Code: Select all

session_set_cookie_params(0);
The manual doesn't seem to indicate that the lifetime parameter is optional, and would therefore have no default setting. Would it?

As for the multiple tabs thing ... well ... I don't believe there is a workaround apart from having the user log out and destroying the session. Or you could update a timestamp in the session on each page view and destroy the session or request a re-auth if a page view turns up after a certain period of time. It wont stop it, but it narrows the time-slot for session manipulation down. Although, you'd think that just setting a timeout value would provide the same result.

Anyhow .... cheers.

Re: Session does not end after closing/opening browser?

Posted: Fri Sep 26, 2008 1:31 am
by VladSun
Stryks wrote: ... just wondering ... why do you use this line?

Code: Select all

session_name("member");
I see people use it in examples, but I've seriously never used it and have no idea why it would be needed. I get what it does ... I just don't get why.
It's the only way to distinguish between sessions owned by different applications on a same site (e.g. a site with a login feature and PHP MyAdmin application).
Stryks wrote: Or you could update a timestamp in the session on each page view and destroy the session or request a re-auth if a page view turns up after a certain period of time. It wont stop it, but it narrows the time-slot for session manipulation down. Although, you'd think that just setting a timeout value would provide the same result.
Yes, I think it's the same.

Re: Session does not end after closing/opening browser?

Posted: Fri Sep 26, 2008 1:36 am
by Stryks
VladSun wrote:It's the only way to distinguish between sessions owned by different applications on a same site (e.g. a site with a login feature and PHP MyAdmin application).
Ahhh ... And the light goes on.

Thanks for that. I've often wondered. :D