ThePsion5 Posted March 27, 2006 Share Posted March 27, 2006 hi guys,I've created a PHP page that allows a user to login and perform a variety of tasks, but one problem I have is that when that person closes the browser and opens it back up, they're still logged in, which I do not want to happen. How should I correct this?-SeanEdit: I have an actual logout page and function that works just fine, i just need the user to be logged out when the page is closed in addition to that. Link to comment Share on other sites More sharing options...
aspnetguy Posted March 27, 2006 Share Posted March 27, 2006 Are you setting any cookies when the user logs in?I use $_SESSION to log user info on login...these automatically expire when the browser is closed. Link to comment Share on other sites More sharing options...
DarkElf Posted March 28, 2006 Share Posted March 28, 2006 I'm assuming that your using cookies to keep track of logged in users? If so then if you don't set an expiration time the cookie will simply expire at the end of the session (when browser window is closed). Alternatively use php sessions as aspnet guy suggests.The latter is a bit more secure, all the information about a cookie is stored in the browser and can be modified by the user. In a PHP session the only information stored on the browser is the session ID, this identifies the session (i.e. an open browser window on one particular machine), all the other information (such as the fact that the user on that session is or isn't logged in) is stored on the browser in a temporary flat file. Your PHP can check and modify the settings of session variables in the same way it can with cookies, but scripts not executed on the server (javascripts etc) can't see the session variables (unless you pass them back to the browser in your script, something you may occasionally want to do).Take a look at http://uk2.php.net/manual/en/ref.session.php for more info. Link to comment Share on other sites More sharing options...
ThePsion5 Posted March 31, 2006 Author Share Posted March 31, 2006 Well, I did some investigating and discovered that this bug only occurs when the page is opened as a tab in Firefox - if the tab is closed and then the page is loaded again in a different tag, the session variables are not destroyed. In IE it works fine...go figure. Does anyone have a solution for this? I'm not sure how to go about enforcing this and I need to design for firefox and IE. Thanks in advance!Also, Thanks to DarkElf and aspnetguy for their help -Sean Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now