Sessions + Cookies : Pls help

[vaibhavs]

Hi,

 

I have the following code in my index.php

 

Main purpose: I have a logout routine which works fine, but I wish to kill the session when any user closes the browser window without logging-out.

 

I believe this can be achieved using cookies in conjunction with sessions.

 

I wish to incorporate cookies into this page so that the session is killed as soon as the user closes the browser window.

 

Requesting forum members to help help me with the code.

I tried some combinations but failed!

 

 

<?
$db_name = "mydb";
$db_user = "mydbuser";
$db_pass = "mydbuserpass";


session_start();

if($_POST['submit'] == 'Submit') 
{
	$db=mysql_connect ("localhost", $db_user, $db_pass) or die ('Cannot connect to MySQL: ' . mysql_error());
	mysql_select_db ($db_name) or die ("Sorry, database Problems.Please try again.");
	$username = $_POST['username'];
	$query = "select client_name, client_email from login where username = '".$username."' and password= '".$_POST['password']."'";
	$result = mysql_query($query);
	$value = mysql_fetch_array($result);
	$num_rows = mysql_num_rows($result);
	if($num_rows > 0) {
		$_SESSION["client_name"] = $value['client_name'];
		$_SESSION["client_email"] = $value['client_email'];
		header("location:list.php");
	} 
	else 
	{
		echo "<div align='center'><font color='#FF0000' face='Verdana' size='1'>Invalid Username or Password!!</font></div>";
	}
}
?>
<html>
<head>
<title>Login </title>
</head>

<body onLoad="document.forms[0].elements[0].focus()">
<div align="center">
<center>
<br>
<b><font face="Verdana" color="#FF0000" size="4">Login:</font></b>
<form name="login" action="<?php $_SERVER["PHP_SELF"] ?>"  method="post">
  <table border="1" cellpadding="4" cellspacing="4" style="border-collapse: collapse" bordercolor="#F0F0F0" width="293">
    <tr>
      <td width="290" colspan="2" bgcolor="#F0F0F0"><b>
      <font size="2" face="Verdana">Login</font></b></td>
    </tr>
    <tr>
      <td width="88"><b><font size="2" face="Verdana">Username</font></b></td>
      <td width="202"><font face="Verdana">
      <input type="text" name="username" size="20"></font></td>
    </tr>
    <tr>
      <td width="88"><b><font size="2" face="Verdana">Password</font></b></td>
      <td width="202"><font face="Verdana">
      <input type="password" name="password" size="20"></font></td>
    </tr>
    <tr>
      <td width="293" colspan="2" align="center"><input type="submit" value="Submit" name="submit"> 
      <input type="reset" value="Reset" name="B2"></td>
    </tr>
  </table>
</center>
</div>
</form>
</body>
</html>

[JonnoTheDev]

Impossible with pure PHP.

PHP is server side and is only interpreted when requests are made. A browser is a client side application thus PHP cannot detect a user closing a browser.

[revraz]

I'm a bit confused, because sessions are killed once you close the browser already.

[vaibhavs]

How does yahoo mail (or other such websites) do it ??

If I close my browser window and open a new instance, yahoo shows me the login page.

[JonnoTheDev]

Because a new session is started if you fully close your web browser then reopen. Your old session key is not retained.

[vaibhavs]

Thats not happening with my code.

 

I open index.php (as coded above).

I login successfully.

Then I close the browser window.

Then I open a new browser instance & go to list.php and I am able to access it successfully.

 

I have this at the top of my list.php

<?
session_start();
if($_SESSION["client_name"] == ''){
	header("location:index.php");
}

?>

 

What should I do to correct this ?

 

Please help.

 

Thx

Vai

[JonnoTheDev]

It is probable that your browser is not fully closed. Sometimes browsers keep a users session open in the background even when closed by clicking the x. You could use an ajax request with the <body onUnload=""> trigger. I'm not sure why you would need to adopt this policy anyhow.

[revraz]

Are short tags enabled on your server?

Do you have error reporting on and displayed to make sure Sessions are working

Did you echo $_SESSION['client_name'] to see if it does actually hold something?

 

[vaibhavs]

Short tags are working.

Sessions are working.

The $_SESSION['client_name'] is displaying.

 

Can you throw some more light on <body unload"">

 

How can I control browser closing fully.

I have tried from multiple XP PCs and its same everywhere.

 

More help pls ??

 

Thx

[premiso]

Simple as this, browsers should kill sessions when closed. One possible scenario (which you can test with firefox and inspect cookies) is that your session is by chance being stored in a session and when you go back to the page it re-initializes that session.

 

That would be a server deal, so if you have a .htaccess file look there.

 

Every site I have worked on, the sessions reset on a browser close, so the scenario above (if possible) I am sure is rare. But yea. That is all I can think of.