Close Session

[ngreenwood6]

Is there anyway to destroy a session if the user closes the page? I need the sessions to destroy when a user exits my site.

[scuff]

You could use javascript like

 

<?php
echo "
<script>
onunload=function() {
session_destroy();
}
</script>
<body onUnload='onunload()'>";
?>

something like that, but it doesn't always work

[ngreenwood6]

I tried adding it to my page like this:

 

<?php
include("variables.php");
?>
<html>
<title><?php echo $site_name; ?></title>
<head>
<link href="includes/style.css" rel="stylesheet" type="text/css" />
</head>
<script>

function autotab(original,destination){
if (original.getAttribute&&original.value.length==original.getAttribute("maxlength"))
destination.focus()
}

onunload=function() {
session_destroy();
}


</script>
<body onUnload='onunload()'>

<div id="container">

<div id="head">
<br>
The Ultimate Game
</div>

<div id="links">
<a href="index.php">Home</a> | <a href="Game.php">Game</a> | <a href="contact_us.php">Contact Us</a>
</div>

 

But I am getting an error stack overflow on line 19. Any help

[scuff]

it won't work if the session destroy isn't in the <?php ?> tags, but it might not work even if you put them in because it would just destroy the session even before unload because php loads before javascript, plus I think the session automatically destroys itself once the page is unloaded (not sure)

[ngreenwood6]

Does anyone have any other suggestions then?

[PFMaBiSmAd]

A session is just a container to hold data and browsers (and any thing you can run in a browser) can only make http/https requests to web servers. You should not depend on the existence of a session, a session data file, or session garbage collection to determine if or when someone is no longer on your site.

 

When a page is left or a browser is closed there is no reliable way to get that event to generate a http request to tell the web server about it. It turns out IE will send a normal http request using an onUnload event, but FF won't.

 

The normal method to detect when someone is no longer on a page or on a site is to store/update their id and the last datetime they requested any page in a database table. Then you consider them to be inactive/left your site when the stored datetime is some number of minutes (10 - 20) in the past. Any records with a last datetime older than what your limit is, would be considered inactive and you could set the values in your user table to cause them to be logged out.

 

With the advent of AJAX it is possible to reduce the time interval that you are checking by using AJAX to periodically make a http request to the server to keep updating the last datetime value in the table. If AJAX keeps the table updated at one minute intervals, it would be possible to use a two minute inactive "timeout".

[ngreenwood6]

So maybe you can help me with this. I have my database set up to insert the users ip address into the database when they log in. Then when they log out or go to the logout.php page it removes the ip address from the database. The reason for this is so that no 2 users can log in from the same ip address. The problem with this is that if the user does not log out or go to the logout.php page it doesnt remove the ip address. Which means that they will not be able to log in again until it is removed. Is there any way that I can have it remove this when they leave the site or a better method to do this.

 

thanks in advance