Page 1 of 1

Session Destruction on Site Exit.

Posted: Tue Apr 12, 2005 4:14 pm
by conscience
Outside of a cookie timeout of some sort, is there no way to detect when a user leaves the site or clicks an external hyperlink in order to implement session destruction features? Every bit of research I've done says "No", but I figured I'd posit the question to (whom I consider to be) the Masters for final verification. Thanks for any information you can provide.

Posted: Tue Apr 12, 2005 4:20 pm
by The Monkey
Javascript can technically be used, but not relied on. A java applet could also be used, but is certainly not recommended.

I would try rethinking your session management and see why it is necessary to know the exact instance* a user has left...

*edit: Yah, I know it's instant. Too much programming for me... instance was the first thing that come to mind...

Posted: Tue Apr 12, 2005 4:26 pm
by infolock
that would have to be done through javascript's onunload function (in which you would call a javascript that would in turn call a php script for session_destroy).

the only alternative is that you set your config file for a session to last x minutes, meaning the session is destroyed after that.


Edit: The above poster is semi-right, though semi-wrong too.

Javascript is technically needed, however it is also relied upon to carry out what you are wanting to do...

As I said, the only alternative is to set when a time is exceeded for a session variable's existance, it should then be destroyed after x amount of time (that's the only other method of doing so without using javascript)

Posted: Wed Apr 13, 2005 8:40 am
by conscience
infolock wrote: As I said, the only alternative is to set when a time is exceeded for a session variable's existance, it should then be destroyed after x amount of time (that's the only other method of doing so without using javascript)
Would a wiser alternative be to block easy exit (such as hiding external links) from the site without first terminating the session?

Posted: Wed Apr 13, 2005 4:04 pm
by Ambush Commander
Nope. They can always press BACK or they can enter their own URL. The session stays.