ending $_SESSION[] variable when user goes off site

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
MrHamburger
Forum Newbie
Posts: 3
Joined: Thu Apr 20, 2006 2:09 pm

ending $_SESSION[] variable when user goes off site

Post by MrHamburger »

Hello,

I am using $_SESSION variables for user authentication on a site. I was wondering if it is possible (using PHP, or anything else) to end a session when a user goes off the site (without logging out); or at least to end the session if a user closes the browser window (but does not quit the browser application). Thanks a lot.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Their session is destroyed (normally) when they close their browser. There is no reliable way to detect them leaving your site. Set your sessions to expire quickly (30 minutes, maybe) if need be.
Post Reply